How to enable "On resume, display logon screen"

%3CLINGO-SUB%20id%3D%22lingo-sub-2106902%22%20slang%3D%22en-US%22%3EHow%20to%20enable%20%22On%20resume%2C%20display%20logon%20screen%22%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2106902%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20building%20an%20Intune-managed%20AzureAd%20environment%20from%20the%20ground%20up%20at%20my%20organization%2C%20and%20so%20far%2C%20this%20configuration%20item%20has%20stumped%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThings%20I've%20done%20so%20far%3A%3C%2FP%3E%3CP%3ETwo%20custom%20conifguration%20profiles%20(OMA-URI).%3C%2FP%3E%3CUL%3E%3CLI%3EScreenLockTimeout%3CUL%3E%3CLI%3EOMA-URI%3A%20%22.%2FDevice%2FVendor%2FMSFT%2FPolicy%2FConfig%2FDeviceLock%2FMaxInactivityTimeDeviceLock%22%3C%2FLI%3E%3CLI%3EValue%3A%20Integer%3A%205%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CDIV%20class%3D%22fxc-gc-cell%20fxc-gc-columncell_23_0%22%3E%3CUL%3E%3CLI%3EInteractiveLogon_MachineInactivityLimit%3CBR%20%2F%3E%3CUL%3E%3CLI%3EOMA-URI%3A%20%22.%2FDevice%2FVendor%2FMSFT%2FPolicy%2FConfig%2FLocalPoliciesSecurityOptions%2FInteractiveLogon_MachineInactivityLimit%22%3C%2FLI%3E%3CLI%3EValue%3A%20Integer%3A%20300%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3EA%20Device%20restriction%20configuration%20profile%3A%3C%2FP%3E%3CUL%3E%3CLI%3EPassword%3A%20require%3C%2FLI%3E%3CLI%3EMaximum%20minutes%20of%20inactivity%20until%20screen%20locks%3A%205%20Minutes%3C%2FLI%3E%3CLI%3ERequire%20Password%20when%20device%20returns%20from%20idle%20state%20(Mobile%20and%20Holographic)%3A%20require%3C%2FLI%3E%3C%2FUL%3E%3CP%3EAn%20Endpoint%20Protection%20configuration%20profile%3A%3C%2FP%3E%3CUL%3E%3CLI%3EMinutes%20of%20lock%20screen%20inactivity%20until%20screensaver%20activates%3A%200%3C%2FLI%3E%3C%2FUL%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JonSmitty_0-1611854569560.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250335i048808257E1794FC%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JonSmitty_0-1611854569560.png%22%20alt%3D%22JonSmitty_0-1611854569560.png%22%20%2F%3E%3C%2FSPAN%3E%3CP%3EThis%20is%20what%20those%20settings%20give%20me.%3C%2FP%3E%3CP%3EI%20need%20that%20%22On%20resume%2C%20display%20logon%20screen%22%20ticked.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20suggestions%3F%3C%2FP%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ms-editor-squiggler%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22ms-editor-squiggler%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2106902%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

I'm building an Intune-managed AzureAd environment from the ground up at my organization, and so far, this configuration item has stumped me.

 

Things I've done so far:

Two custom configuration profiles (OMA-URI).

  • ScreenLockTimeout
    • OMA-URI: "./Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock"
    • Value: Integer: 5
  • InteractiveLogon_MachineInactivityLimit
    • OMA-URI: "./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit"
    • Value: Integer: 300

A Device restriction configuration profile:

  • Password: require
  • Maximum minutes of inactivity until screen locks: 5 Minutes
  • Require Password when device returns from idle state (Mobile and Holographic): require

An Endpoint Protection configuration profile:

  • Minutes of lock screen inactivity until screensaver activates: 0
JonSmitty_0-1611854569560.png

This is what those settings give me.

I need that "On resume, display logon screen" ticked.

 

Any suggestions?

 
 
 
 
 
1 Reply

Hello! @JonSmitty

 

Please see my configuration profile as reference. I am using an administrative template profile and I have it deployed to my dynamic autopilot device group.

 

Try it out and let me know if we need to do some tweaking to make it fit your org. I am happy to help.

 

NicklasAhlberg_0-1615016942200.png

 

//Nicklas Ahlberg