oryxway
Iron Contributor
Sep 28, 2022

Allow only user account that is assigned to the device

How to restrict user account that has been assigned to the device in Intune?

I have set up the configuration profile and have entered everything, but I am not sure what would go under the OMA-URI Value section.

What will the value be for those users who have been assigned to that device, so that no one else can log in with their credentials?

4 Replies

  • Moe_Kinani
    Bronze Contributor
    Hi Oryxway,

    Is this what you are looking for?

    https://www.inthecloud247.com/restrict-which-users-can-logon-into-a-windows-10-device-with-microsoft-intune/
    Moe
    • oryxway390
      Brass Contributor

      Moe_Kinani Yes, that is the one. But I am not sure about that string that is there. What does that string do there?

      We already have an account as a local admin account, but we just need to make sure that only the user assigned to the device is able to log in. In order to achieve that, what should the string be?

      • Moe_Kinani
        Bronze Contributor

        This policy should do it for you. The OMI is basically allowing AllowLocalLogon by using the local Administrators group + the Azure AD user you want to allow. So the value would look like below:

        Administrators AzureAD\email address removed for privacy reasons

        Hope this helps! 
        Moe
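
A way to check the result of the policy discussed in this thread, added here as an example and not code from any poster or from the linked article: it lists which principals hold the "Allow log on locally" right on the device and flags any outside an expected list. The `$Expected` entries, the temp file name and the function name are assumptions for illustration.

```powershell
# Added example: audit which principals hold "Allow log on locally"
# (SeInteractiveLogonRight) on this device. Run from an elevated session.
# $Expected is a constructed allow-list: S-1-5-32-544 is the built-in
# Administrators group; the second entry is a placeholder for the assigned
# user (use the name or SID exactly as this device reports it).
$Expected = @('S-1-5-32-544', 'AzureAD\assigned.user@example.com')

function Get-LocalLogonPrincipal {
    $cfg = Join-Path $env:TEMP 'user-rights-audit.inf'
    # Export only the user-rights area of the effective local security policy.
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; run elevated.' }
    try {
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeInteractiveLogonRight\s*=' } |
            Select-Object -First 1
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
    if (-not $line) { return }          # right not defined in the export
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {   # secedit writes SIDs as *S-1-...
            $sid = $entry.Substring(1)
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = $sid            # unresolvable SID: report it raw
            }
            [pscustomobject]@{ Sid = $sid; Name = $name }
        } else {
            [pscustomobject]@{ Sid = $null; Name = $entry }
        }
    }
}

$actual     = @(Get-LocalLogonPrincipal)
# A principal is expected if either its SID or its resolved name is listed.
$unexpected = @($actual | Where-Object {
    ($Expected -notcontains $_.Sid) -and ($Expected -notcontains $_.Name) })
$actual | Format-Table -AutoSize
if ($unexpected.Count -gt 0) {
    Write-Warning ('Unexpected principals: ' + ($unexpected.Name -join ', '))
} else {
    Write-Output 'Only the expected principals may log on locally.'
}
```

Run it after the device has synced the profile; entries that appear only as a raw SID are accounts the device could not resolve to a name.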