Create custom configuration profile – Microsoft Surface Hub 2 SmCamera User Manual

2. Replace the placeholder SID (beginning with S-1-12-1) with your

Azure AD Group

SID

and then save the file as XML; for example,

aad-local-admin.xml

.

1. In Endpoint Manager, select

Devices

>

Configuration profiles

>

Create profile

.

2. Under Platform select

Windows 10 and later.

Under Profile, select

Templates

>

Custom

>

Create.

3. Add a name and description and then select

Next.

4. Under

Configuration settings

>

OMA-URI Settings

, select

Add

.

5. In the Add Row pane, add a name and under

OMA-URI

, add the following string:

OMA-URI

</accessgroup>

</GroupConfiguration>

７

Note

While groups should be specified via their SID, if you would like to add Azure
users directly, specify their User Principal Names (UPNs) in this format:

<member name = "AzureAD\[email protected]" />

Create Custom configuration profile

./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure

７

Note

The

RestrictedGroups/ConfigureGroupMembership

policy setting also allows

you to configure members (users or AAD groups) to a Windows 10 local
group. However, it only allows for a complete replacement of the existing
groups with the new members. You cannot selectively add or remove
members. Available in Windows 10 Team 2020 Update 2, it is recommended
to use the

LocalUsersandGroups

policy setting instead of the

RestrictedGroups policy setting. Applying both policy settings to Surface Hub
is unsupported and may yield unpredictable results.