You try to add a Domain in the Threat Defense for Active Directory core UI but receive the error: "Logon failure: the user has not been granted the requested logon type at this computer".

The user is member of Local and Domain admins, and rights indicated on page 23 of the Installation Guide have been confirmed.

The Windows Security Event Logs show an Audit Failure event for the account with Logon Type: 4 and Status: 0xC000015B

Release : 3.6.2

A GPO was defined for "Log on as a batch job" which removed the default rights for Administrators.

If the "Log on as a batch job" GPO must remain defined, add the necessary account to that privilege and run: gpupdate /force