Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Question about device sharing multiple users

Occasional Contributor

Hello guys,

 

I have a question about a configuration profile related to a multi-user device.

 

When people of our organisation logged in on their device thats enrolled by Intune, they only had to fill in the password at the Windows 10 login screen. I don't know what changed but now when people in the organisation shut down the device and restart the device they have to fill in their entire UPN as well as the password. Does anyone know which options I should turn on to get this back?

 

The only thing I can think of is a new version of Windows what is causing this problem.

With Windows 10 version 1903 it works, with all the other newer versions it isn't working.

 

Thanks in advance,

 

Zenna

12 Replies
I think it's something like this but then the other way around https://www.anoopcnair.com/do-not-display-last-signed-in-user-using-intune/, perhaps you configured security baselines which removed the display last user setting?

@Harm_Veenstra I tried the following like u said, sadly this didn't work. Can you confirm that these are the right settings? I tried what you said about the other way arround, but when I push this policy to a user in the group I assigned to this policy it doesn't work.

screenshot intune policy.png

Isn't this more like a device setting? If you assign this to a device group, does it work then?
I assigned the device to a security group which is assigned to the policy, this doesn't work.

I tried to reboot the device after the policy was been assigned to the device. But when I turn on the device, it just says "other user" instead of the user I was last signed in with.

Harm_Veenstra_1-1636410707745.png

Even if you use the Configuration Profile/Windows 10/Templates/Endpoint Protection/Local Device Security Options/Interactive Logon option?

Sadly this also didn't work. The strange thing about this is that it worked and still works on our devices that have Windows 10 version 1903 installed on it. With all the newer Windows versions installed it doesn't work.
Strange thing is that I deployed a Windows 10 Intune VM yesterday and it always prompts me for the password of my user (last one logged in) and has the option for other user in the bottom left. And that's a 20H2 build...
I tried this as well, didn't add the device to a single policy from the start. But I have the same problem, when I restart the device I don't see the last signed in user. I wonder where this is going to end...
You could try a Advanced Diagnostics Report from your account to see what is being applied? dmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\temp\mdm.cab and check the MDMDiagHTMLReport.html from there?
One thing that I found out which is strange is that the policy "Interactive logon: Don't display last signed-in" is always enabled. On default the policy should be disabled. So I think that somehow Intune puts this policy in "enabled". Do you have any idea how this is possible?
Update: I did a clean windows 10 20H2 install. I checked the local policy's with secpol.msc.

Like I said, the option was disabled. When I install the device with a provisioning package, the option is enabled.
https://osddeployment.dk/2018/02/12/how-to-control-both-mdm-and-gpo-settings-on-windows-10/ . You could try this to overrule certain settings and let MDM settings win