The simplest method to using a custom user group is to remove the “Authenticated Users” group and add the custom user group created. This is what everyone says including Microsoft. The problem is that now the GPO does not apply anywhere. There are a lot of things attached to “Authenticated Users” like computers and special permissions that you lose when you remove it entirely. So if you keep it there and just remove the apply privilege the custom groups will work correctly without needing to figure out what needs to be added.
The simple method is to not remove but modify the “Authenticated Users group. Go ahead and add the custom user group either before or after this modification.
Go to the Delegation tab and hit Advanced. Then select “Authenticated Users” and remove the check from “Apply group policy” and apply. After doing this you can go back to Scope and “Authenticated Users” will not be there. The group policy is now ready for use.