Forum Discussion
Sign in Restrictions with Intune
Hello,
I recently joined a Windows 11 Pro laptop to Intune and was wondering if I could restrict the sign in to only certain users. For example, on the sign in page, there is a "Other user" option, and when clicked it says "Sign into your: Work or school account." I worry that if the computer is stolen, anyone with an Azure login, can login since it would be considered a work or school account.
Is there any way to get rid of the other user option or to lock it to a specific domain WITHOUT a Windows Server?
3 Replies
Besides the suggestion from Jos you could also use Autopilot to link the device to your domain. There are ways around Autopilot (just Google for it) but with the right thought en technical mechanisms you can make it really hard to circumvent.
To get started:
https://learn.microsoft.com/en-us/autopilot/windows-autopilot
- I think this would help you: https://www.inthecloud247.com/restrict-which-users-can-logon-into-a-windows-10-device-with-microsoft-intune/
JosvanderVaart I just applied a policy via Intune that makes it so when users choose the "Other user" option at sign-in it says login to: mydomainname.org. Will this make it so only users with emails ending in that domain have the ability to login to the computer? I also realized that when users start typing an email address it says Log in to: Your work or school account. Even though it says that, will users still not be able to log in if their email does not end in my domain? I used the "Preferred Aad Tenant Domain Name" setting to do all this.
I had a hard time understanding the article you sent me, so that's why I went back to the Intune portal.
Let me know,
Thanks,
James!
