Today a short article in which I show how we can restrict which users can log on to an Azure AD joined Windows 10 device with Microsoft Intune. Intune or Azure Active Directory don't provide an out-of-the-box solution for this, but with a custom Intune profile we can do the job.

My first thought was to remove Authenticated Users from the built-in Users group with the Configuration Service Provider (CSP) policy ConfigureGroupMembership and add the Azure AD users who are allowed to sign in to the device to the Users group. I was successful in removing Authenticated Users and adding the AAD users, but other users were still able to sign in to the device. At that moment I realized I had already used such a solution for a Windows 10 kiosk device, which is described here.

There I restricted the logon rights to only local accounts by using the CSP policy AllowLocalLogon (User Right to Sign In Locally). After some testing I was able to add multiple Azure AD accounts to the AllowLocalLogon setting, which prohibits all other users from logging on to the Windows device.

To deploy the policy setting to an Intune managed device, we need to use a Custom Configuration profile. To achieve the required restrictions, we use the CSP policy AllowLocalLogon.

Configure the Custom Configuration profile

After that you will see a whole list of options you can configure; the one we're looking for is: Configure device options.

We are wanting to migrate devices into Azure AD, but need to access on-premises file shares as there are 100 users using on-prem file shares daily. Users log into their computers on-premises using the domain, and they also log into Office 365 using the same domain. Azure AD Connect is used between on-premises and Azure. One of the admin accounts is an onmicrosoft account and the other admin account is our domain account. If you go to groups/administrator on the Azure AD joined computer you see the admin accounts. I am unable to log on with my regular admin account; I have tried azuread/admin. When I try the onmicrosoft admin account it works.

Azure AD Connect Cloud Sync is a new offering from Microsoft designed to meet and accomplish your hybrid identity goals for synchronization of users, groups, and contacts to Azure AD. It accomplishes this by using the Azure AD cloud provisioning agent instead of the Azure AD Connect application.