Create a GPO startup script and execute the batch file from it. The script terminates if it finds sysmonconfig.xml in C:\Windows modify it with the new config name.
In sysmon v9.0 config file we added some of the detections from JPCERT We also included most of and also some of We will push it to more than 4k Endpoints and a month later would update it/remove noisy stuff. Our target is to map most of the MITRE Att@ck/JPCERT in this sysmon config. You might need to add exclusion for some of the software your enivroment including Antivirus/EDR/Whitelisting...etc. Also some of the events are noisy like pipe related events.