To make a long story short: When configuring user rights policies in Intune with a device configuration (custom profile), you'll find that the sample provided in the docs won't fully work. It does the correct configuration on the clients, but it will show you a remediation error in the Intune portal, which is not very nice.
Credits: Big thanks to Mark Thomas, who helped me solving this one.
Note: There are upcoming changes to Intune announced that should simplify these configurations. Hopefully very soon.
Due to a bug in with the encoding of the delimiter used when following the CDATA syntax, the evaluation fails with an remediation failed error. The bug is due to the fact that the XML parser which handles the  delimiter only works for ADMX backed policies.
Looking something like this:
To workaround the issue until the bug is fixed, skip using the CDATA syntax for now. So instead of using this documented syntax to grant Administrators and Users permissions to for example the Allow local LogOn user right:
Use this syntax instead:
Please note the delimiter. To make sure you get the right character, go to https://coderstoolbox.net/string/#!encoding=xml&action=decode&charset=us_ascii and enter the below text in the input box and press enter.