Forum Discussion

Robse030's avatar
Robse030
Copper Contributor
May 09, 2022

Anmeldezeiten für Mitarbeiter

Hallo zusammen,   gibt es in der Endpoint-Verwaltung die Möglichkeit, dass sich Mitarbeiter z.B. nur zwischen 8:00 Uhr bis 19:00 Uhr am PC anmelden können? Danach sollen sie automaisch abgemeldet w...
Intune
Robse030's avatar
Robse030
Copper Contributor
May 09, 2022
Hi Martin, thank you for the reply. That's right, I mean Logon Hours. Unfortanaly, it's not a hybrid enviroment. Is there another Option?

regards,
robert
strnad10's avatar
strnad10
Copper Contributor
May 09, 2022
Hello again,
as stated in this article, it is only a setting you can force via on-premises Active Directory.

https://techcommunity.microsoft.com/t5/microsoft-teams/restricting-access-to-office-365-microsoft-teams-after-defined/m-p/819363

Even Microsoft says that in order to force Logon Hours, you have to use Passthrough Authentication or ADFS.
https://www.youtube.com/watch?v=YtW2cmVqSEw go to 8:00 in the video.

Have a nice rest of the day.
Martin Strnad
  • Robse030's avatar
    Robse030
    Copper Contributor
    May 09, 2022

    Hi Martin,

     

    thank you for the information. Than i have to find another solution. 😞

     

    Regards,

    Robert

    • Mr_Helaas's avatar
      Mr_Helaas
      Steel Contributor
      May 10, 2022

      hi Robse030 ,

       

      what you can try as a solution (not officially supported by Microsoft) is to disable the computer object in azure ad . So the users are not allowed to logon anymore.

       

      you can create a logic app which disable and enable all your computer object at a specific time. 

      I don’t know if this is working but maybe it is a solution.

       

      kind regards,

       

      rene 

      • Oktay Sari's avatar
        Oktay Sari
        Iron Contributor
        May 10, 2022

        Mr_Helaas very creative! You've pointed me into another (perhaps not supported) direction. I'm wondering if "Deny Local Log On" could work in this scenario.

         

        Robse030 you'll have to test this in your dev tenant: 

        • Create a Device configuration profile > Setting catalog
        • search for "Deny local Log On"
        • add Users
        • assign this policy to a test device  

        This would effectively block all (standard) users from login-on to your Windows device locally.

        As with Mr_Helaas solution, you'll also need to have another policy that removes Users from "Deny Local Log On" and automate this process. 

         

        Have a look at Policy CSP - UserRights - Windows Client Management | Microsoft Docs

         

        That being said, I'm not sure if I'm crossing the line here with (sort of) unsupported solutions... but I tricked myself into thinking outside the box...  

Resources