Forum Discussion
Anmeldezeiten für Mitarbeiter
hi Robse030 ,
what you can try as a solution (not officially supported by Microsoft) is to disable the computer object in azure ad . So the users are not allowed to logon anymore.
you can create a logic app which disable and enable all your computer object at a specific time.
I don’t know if this is working but maybe it is a solution.
kind regards,
rene
Mr_Helaas very creative! You've pointed me into another (perhaps not supported) direction. I'm wondering if "Deny Local Log On" could work in this scenario.
Robse030 you'll have to test this in your dev tenant:
- Create a Device configuration profile > Setting catalog
- search for "Deny local Log On"
- add Users
- assign this policy to a test device
This would effectively block all (standard) users from login-on to your Windows device locally.
As with Mr_Helaas solution, you'll also need to have another policy that removes Users from "Deny Local Log On" and automate this process.
Have a look at https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-UserRights?WT.mc_id=Portal-Microsoft_Intune_Workflows#userrights-denylocallogon
That being said, I'm not sure if I'm crossing the line here with (sort of) unsupported solutions... but I tricked myself into thinking outside the box...