regardless of using a OEM device like the Lenovo ThinkSmart hub or a teams room system console deployed onto a surface pro we got always the same issue:
To secure our Office 365 Tenant we use conditional access. Any accessing device must be a in intune registered device.
But when we join the console to AzureAD and register the team room system devices always the local user with the auto logon breaks. On startup the normal Windows 10 logon screen appears.
We tested this serveral ways, at last with the windows 10 1803 and the teams room system deployment script.
Register a surface hub (old generation) works fine.
What is the right way to use team room systems with conditional access?