Forum Discussion
Autologon in Intune
I have an AD environment synchronized with AAD, in addition to using Intune for device management.
I'm having trouble setting up Autologon with the Kiosk profile in Intune.
It turns out that, although I set Autologon correctly, every time I restart to test it, the settings have been removed. In Event Viewer I notice that there is a message stating that the Autologon settings have been removed due to an EAS policy.
I have searched the Internet for multiple solutions, but it is impossible, none of them apply.
I don't have anything related to Exchange Active Sync, mail, calendar, etc. I also don't see the EAS-related registry entries listed on many Internet pages.
It seems that the problem is given by Intune's own policies. Although I have excluded my test device from all configuration policies as well as compliance policies, the error still occurs, so I deduce that there is some default policy that affects.
My question is: is there any way to disable the EAS Built-in policy? How do I set up a PC in kiosk mode with Intune?
Any clues?
Thank you very much in advance.
Enrique Carrasco
- Moe_Kinani (Bronze Contributor)
There is a workaround, which includes un-joining the device from Azure AD and removing some registries. I highly recommend staying away from Auto logon. It's a known security issue and the password is stored in plain text in registries.
Have you considered using web sign or WHFB with PIN?
Moe
- erikminter777 (Copper Contributor)
ecarrasco, you need to create an Intune compliance policy that does not require a password to unlock the device and assign it to the computer you need to autologon.
- SebCerazy (Iron Contributor)
Sadly Intune policies allow only Require or Not Configured. There is NO OPTION to choose "NOT Required"
- George McDonald (Copper Contributor)
ecarrasco - IDK if you managed to resolve this problem by now, but I was also facing this challenge at our end in what is a very similar infrastructure setup.
I am not using a Kiosk profile, instead, I'm using a domain account, but I need this account to deliver the same type of service as a kiosk display would, hence the need to autonomously login to a predefined account following OS/Driver updates, etc.
My setup is a Win11Ent machine, Intune enrolled and managed (with mostly default policies applied).
I managed to find a workaround via the Sysinternals Autologon app > https://learn.microsoft.com/en-us/sysinternals/downloads/autologon
I had to run what I think is the 32-bit application, as the 64-bit variants didn't work in my setup.
I hope this helps anyone else looking for a solution.
P.S. Interestingly, the preceding machine doing the same job is also enrolled in Intune and is provisioned via the same AD/AAD security groups, yet in the User Accounts section (netplwiz) the "Users must enter a user name and password to use this computer" option isn't missing! The only difference is the preceding PC running the same account and services is a Win10 machine, not Win11. I therefore fail to understand how the issue could be Policy related as I have two machines with the same memberships, accounts, privileges, etc, differing only by OS. It's rather irritating when MS does things like this.
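
A read-only audit for the plain-text password risk raised in Moe_Kinani's reply, added here as an example that is not part of any post in this thread. It reads the standard Winlogon registry values (AutoAdminLogon, DefaultUserName, DefaultDomainName, DefaultPassword) and reports whether a password is stored there in plain text, without ever printing it; the function name Get-AutoLogonExposure is hypothetical.

```powershell
# Added audit example (not from the thread): reports how autologon is
# configured on this machine. The stored password is never read out or printed.
function Get-AutoLogonExposure {
    param(
        # Standard Winlogon key; overridable so the check can be pointed at a test key.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $key = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon is a string value; "1" means autologon is switched on.
    $enabled = "$($key.AutoAdminLogon)" -eq '1'

    # A non-empty DefaultPassword value is the plain-text case: any account
    # that can read this key can read the password.
    $plaintext = $null -ne $key.PSObject.Properties['DefaultPassword'] -and
                 -not [string]::IsNullOrEmpty($key.DefaultPassword)

    $finding = if ($plaintext) {
        'DefaultPassword present: password is readable in plain text from the registry'
    } elseif ($enabled) {
        # Sysinternals Autologon, for example, keeps the password as an LSA
        # secret instead of writing a DefaultPassword value.
        'Autologon enabled, no DefaultPassword value: credential is stored elsewhere (e.g. LSA secret)'
    } else {
        'Autologon is not enabled'
    }

    [pscustomobject]@{
        Computer                    = $env:COMPUTERNAME
        AutoLogonEnabled            = $enabled
        User                        = $key.DefaultUserName
        Domain                      = $key.DefaultDomainName
        PlaintextPasswordInRegistry = $plaintext
        Finding                     = $finding
    }
}

Get-AutoLogonExposure | Format-List
```

An LSA-secret result is still a stored, recoverable credential for anyone with administrative access to the machine, so the autologon account should carry only the privileges the kiosk or display role needs.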