Block by ad groups script

if(!context.onPrem){
      trace("not onprem");
      var umod = module('User');
      var user = umod.GetCurrentUser();
      var blocked_groups = ["<group_name_1>", "<group_name_2>"];
      if (blocked_groups != null)
     {
      if (user.InEffectiveGroupByNames(blocked_groups)){
        trace("block specified AD groups");
        policy.Locked = true;
         }
     }
}