Forum Discussion

PsychedPala's avatar
PsychedPala
Copper Contributor
Nov 07, 2024

Intune Shared-Device Configuration - Disallow Entra Login

Hello everyone, I am encountering an issue with our shared device setup in Intune. Our organization manages devices through Intune, and we have configured shared devices specifically for external g...
Intune
mobile device management (mdm)
JoeLoveless's avatar
JoeLoveless
Copper Contributor
Mar 10, 2025

What other policies do you have applied? If you have anything "User Rights related", I would look at "Allow Local Log On". Default setting is Administrators, Backup Operators, and Users.

Removing Users and replacing with the name of the local account should work for you.

 

I can't remember if Shared PC Configuration sets the Guest account to a specific name or not. If you are not renaming your Guest account, you could add that to the configuration as I'm not sure if it's a random account or not. 

 

Possible solution:

  1. Rename guest account to a standard.
  2. Allow local logon, set to Administrators, Backup Operators, specific Guest account (or Guests group)
    1. This will remove Users from the local logon
    2. Make sure you're only applying this to the Shared PCs, as nobody would be able to logon for normal workstations :)

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-guest-account

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-locally

Resources