Forum Discussion

Robse030's avatar
Robse030
Copper Contributor
May 09, 2022

Anmeldezeiten für Mitarbeiter

Hallo zusammen,   gibt es in der Endpoint-Verwaltung die Möglichkeit, dass sich Mitarbeiter z.B. nur zwischen 8:00 Uhr bis 19:00 Uhr am PC anmelden können? Danach sollen sie automaisch abgemeldet w...
Intune
Robse030's avatar
Robse030
Copper Contributor

Hi Martin,

 

thank you for the information. Than i have to find another solution. 😞

 

Regards,

Robert

Mr_Helaas's avatar
Mr_Helaas
Steel Contributor
May 10, 2022

hi Robse030 ,

 

what you can try as a solution (not officially supported by Microsoft) is to disable the computer object in azure ad . So the users are not allowed to logon anymore.

 

you can create a logic app which disable and enable all your computer object at a specific time. 

I don’t know if this is working but maybe it is a solution.

 

kind regards,

 

rene 

  • Oktay Sari's avatar
    Oktay Sari
    Iron Contributor
    May 10, 2022

    Mr_Helaas very creative! You've pointed me into another (perhaps not supported) direction. I'm wondering if "Deny Local Log On" could work in this scenario.

     

    Robse030 you'll have to test this in your dev tenant: 

    • Create a Device configuration profile > Setting catalog
    • search for "Deny local Log On"
    • add Users
    • assign this policy to a test device  

    This would effectively block all (standard) users from login-on to your Windows device locally.

    As with Mr_Helaas solution, you'll also need to have another policy that removes Users from "Deny Local Log On" and automate this process. 

     

    Have a look at Policy CSP - UserRights - Windows Client Management | Microsoft Docs

     

    That being said, I'm not sure if I'm crossing the line here with (sort of) unsupported solutions... but I tricked myself into thinking outside the box...  

Share

Resources