To add a group rule:
1. On the Privileged Access Group Rules page, click Add Group.
2. In the side panel that opens, select the Target Group.
3. Select the Local Group, or add one, in the drop-down menu.
4. Select the Member (Administrator, Temporary Administrator, Local Administrator), or add a local user, in the drop-down menu.
5. Enable Set validity end time, if desired. Enter or select the expiry time.
6. Confirm that the Rule is active.
7. Click Save.
For group rules where the Member is an Entra ID group:
To ensure that administrator rights are assigned correctly, Microsoft recommends a limit of 20 Microsoft Entra groups on each device, and that each user's memberships be limited to 20 groups. The limitation also applies to nested groups.
To edit a group rule:
1. On the Group Rules page, click the Edit icon to the left of a group rule.
2. In the side panel that opens, edit the Local Group, the Member (Administrator, Temporary Administrator, Local Administrator), the Validity End Time and whether the rule is active.
3. Click Save.