Do not apply the Windows Group policy to a Windows managed device that is a part of the Microsoft domain and has a group policy from the Windows domain controller applied. The Endpoint Management Windows Group policy must be applied only if the group policy from the Windows domain controller is not applied.
If you want the Windows Group policy settings to be applied to all users of a device, the settings must be configured as a part of a device-assigned policy. The user-assigned policies must contain only the configuration settings specific to the user to whom the policy is assigned.
If you apply Local Group policies on a managed device that has Endpoint Management Group policies already applied, some of the settings might not work correctly.
If you want to configure the security settings for a Endpoint Management Group Policy on a newly installed 64-bit Windows device, launch and close the Group Policy editor, gpedit.msc, before running the Group Policy Helper tool.