User accounts settings
The User accounts settings remove local administrator privileges on an enrolled user account.
The following table describes the user account settings that you can configure for a Windows device:
Policy setting | Description | Supported devices |
---|---|---|
Configure user accounts settings | Enable this setting to configure the user accounts settings. | Windows 10+ Professional, Education, Enterprise |
User accounts | ||
Enforce removal of local administrator privileges on enrolled user account | Use this setting to work around Microsoft imposed limitations. The user must have
administrator access rights for MDM enrollment. This setting removes the local administrator
privileges of the enrolled user. Caution:
|
Windows 10+ Professional, Education, Enterprise |
Remove local administrator privileges only once BitLocker encryption is complete | BitLocker encryption requires an enrolled user account with device administrator privileges.
For policies, if BitLocker encryption is enabled, enable this setting to make sure that local
administrator privileges are removed when BitLocker encryption is complete. Note: BitLocker
encryption requires an enrolled user account with device administrator privileges.
|
Windows 10+ Professional, Education, Enterprise |
Enable Profile Manager | Enable this setting to set the profile lifetime management for the shared device scenario. | Holographic |
Profile Management | ||
Deletion Policy |
|
Holographic |
Storage capacity percentage threshold to start profile deletion (%) | Deletes the profile when the available capacity falls below this value. The default value is 25%. This configuration is not supported for the Delete all inactive profile users option. | Holographic |
Storage capacity percentage threshold to stop profile deletion (%) | Stops a profile from being deleted when the available capacity reaches this value. The default value is 50%. This configuration is not supported for the Delete all inactive profile users option. | Holographic |