SOLVED

Shared single-user device?


Hello everyone,

I'm totally new to Azure AD / Intune (for education) / Endpoint Manager. We have a Microsoft 365 A3 subscription.
I've been searching for information and struggling with this task for more than a few weeks and am still unable to find the optimal solution. We have a really simple and (I bet) pretty usual scenario, so I'm really intrigued that there isn't already a bunch of information about this, or predefined templates, configuration policies or similar.
I work in a school where, in classrooms, many teachers use the same device. We have a few classrooms and each classroom has its own device (I have created an AAD user account for each device / classroom).
We store PPT presentations, Word and PDF files, media files and everything on a SharePoint folder, which the devices (user accounts) have access to.

I'm unable to use Kiosk mode for this because we need a bunch of applications to work with - Office apps of course, a video player, file manager, PDF reader, codec pack and a lot of other apps. Also, as I've already mentioned, we need access to SharePoint and to a local file server, and a bunch of other things, so we can't restrict privileges and the user experience that much - Kiosk mode is definitely out. Also, as we have a static user account predefined for each classroom device (teachers won't have M365 accounts at all, and we don't wanna complicate things with this at all), we have dedicated A3 accounts for those desktop devices - Shared multiple-user is definitely out.
So, I'm left with custom configuration policies, device restrictions and scripts. And I was able to configure 90% of the desired things on the device, but there is one task that I'm unsure how to achieve - autologon with a dedicated predefined user account. I don't want to explain and let users (teachers) know our user account password so they could start using our device - we need to do that for them in advance. I'm aware of the Autologon app but, as I've seen so far, this isn't possible to configure via Intune (unable to provide user credentials). Also, if it were possible to do such a thing, there would come up another problem - when the device goes to sleep (which happens 99% of the time), the user would be asked to provide a password after waking up the device. Once again, I don't want to burden teachers with that info. Also, it would be a security hole probably, as everyone would know our username/password credentials.

The second option would be to create an AAD account without a password, which is also impossible as far as I know.

So, my question is simple - is there a way to remove the password prompt, or somehow to adjust autologon and disable the Windows lock screen (after the device wakes up)?
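The question above mentions the Autologon app and the "security hole" of a shared password. The following audit script is an added example, not from the thread or from any of the participants: it reads the standard Winlogon registry values on a device and reports whether automatic logon is on and whether the account password sits readably in the registry. The function names `Get-AutoLogonStatus` and `Test-AutoLogonRisk` are my own; the registry path and value names are the documented Winlogon locations. Run it in an elevated PowerShell session on the classroom PC.

```powershell
# Added example (not from the thread): audit automatic logon on a classroom PC.
# Registry path and value names are the standard Winlogon locations.
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    $props = Get-ItemProperty -Path $Winlogon -ErrorAction Stop

    [pscustomobject]@{
        AutoAdminLogon    = ($props.AutoAdminLogon -eq '1')
        DefaultUserName   = $props.DefaultUserName
        DefaultDomainName = $props.DefaultDomainName
        # A DefaultPassword REG_SZ here is readable by every interactive user
        # of the machine, so the account password is effectively public.
        PlaintextPasswordInRegistry = (-not [string]::IsNullOrEmpty($props.DefaultPassword))
        # AutoLogonCount limits how many automatic logons are performed; absent = unlimited.
        AutoLogonCount    = $props.AutoLogonCount
    }
}

function Test-AutoLogonRisk {
    $s = Get-AutoLogonStatus
    $findings = @()

    if ($s.AutoAdminLogon) {
        $findings += "Automatic logon is enabled for '$($s.DefaultDomainName)\$($s.DefaultUserName)': anyone with physical access gets a session as that account."
    }
    if ($s.PlaintextPasswordInRegistry) {
        $findings += 'DefaultPassword is stored in cleartext under Winlogon: remove the value (Remove-ItemProperty) and rotate the account password.'
    }
    if ($s.AutoAdminLogon -and -not $s.PlaintextPasswordInRegistry) {
        # The Sysinternals Autologon tool stores the password as the DefaultPassword LSA secret
        # instead of a registry string; a local administrator can still recover it.
        $findings += 'Password is held as an LSA secret rather than in the registry; it remains recoverable by any local administrator.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'No automatic logon configured.'
    }
    $findings
}

Get-AutoLogonStatus | Format-List
Test-AutoLogonRisk
```

The point of the check is the one the post already makes: whichever way autologon is set up, the shared account's credential ends up on every classroom machine, so the mitigation is a sign-in method that does not hand out that credential at all (the guest account of a shared PC, or a device-local Windows Hello PIN), not a tweak to how the password is stored.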

5 Replies
Hi, you need to configure your devices' shared multi-user accounts. The student or teacher will log in with a guest account that doesn't need credentials. You can also configure sleep settings… etc.

Auto Logon or no password for Azure AD is something against Azure practices; I wouldn't go this route.

Here is a great guide on how to configure shared Azure AD device using Intune:

https://www.petervanderwoude.nl/post/configuring-shared-multi-user-devices/

Moe
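To verify what the shared multi-user profile from the linked guide actually landed on a device, the script below is an added example (mine, not the thread's or Microsoft's) that reads the SharedPC settings through the MDM Bridge WMI Provider, which exposes the same SharedPC CSP values that Intune writes. The namespace, class and property names are the documented ones; the function names are my own. The provider only answers to a session running as SYSTEM (for example `psexec -i -s powershell.exe`), which is also the documented requirement.

```powershell
# Added example (not from the thread): inspect, and optionally set, Shared PC mode
# through the MDM Bridge WMI Provider (same settings the Intune profile configures).
# Must run as SYSTEM, e.g. psexec -i -s powershell.exe
$Namespace = 'root\cimv2\mdm\dmmap'
$ClassName = 'MDM_SharedPC'

function Get-SharedPCSettings {
    $pc = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
    [pscustomobject]@{
        SharedPCMode     = $pc.EnableSharedPCMode
        # AccountModel per the SharedPC CSP: 0 = guest only, 1 = domain-joined only, 2 = domain-joined and guest
        AccountModel     = $pc.AccountModel
        GuestAllowed     = ($pc.AccountModel -in @(0, 2))
        EduPolicies      = $pc.SetEduPolicies
        PowerPolicies    = $pc.SetPowerPolicies
        SignInOnResume   = $pc.SignInOnResume   # credential required when waking from sleep
        SleepTimeoutSecs = $pc.SleepTimeout
        DeletionPolicy   = $pc.DeletionPolicy   # 0 = delete profile immediately, 1 = at disk threshold, 2 = at threshold or inactivity
    }
}

function Test-SharedPCBaseline {
    $s = Get-SharedPCSettings
    $findings = @()

    if (-not $s.SharedPCMode) {
        $findings += 'Shared PC mode is off; the device behaves as a normal single-user PC.'
    }
    if (-not $s.GuestAllowed) {
        $findings += 'Guest sign-in is disabled (AccountModel): every teacher would need an account and password.'
    }
    if (-not $s.SignInOnResume) {
        $findings += 'SignInOnResume is off: waking from sleep returns to the previous session without a credential.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Shared PC baseline satisfied.'
    }
    $findings
}

function Set-SharedPCGuestMode {
    # Same pattern Microsoft documents for the bridge: read the instance, change it, write it back.
    $pc = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
    $pc.EnableSharedPCMode = $true
    $pc.AccountModel       = 2      # Azure AD accounts plus the guest account the reply recommends
    $pc.SetEduPolicies     = $true  # education defaults
    $pc.SetPowerPolicies   = $true
    $pc.SignInOnResume     = $true  # keep the lock screen on wake; a guest session holds nothing worth protecting anyway
    $pc.DeletionPolicy     = 1
    Set-CimInstance -CimInstance $pc
}

Get-SharedPCSettings | Format-List
Test-SharedPCBaseline
```

`Set-SharedPCGuestMode` is there to show which properties the Intune profile is driving; on a managed device leave the values to Intune and use only the two read functions, because a local change is overwritten at the next policy sync and shows up as a conflict.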
best response confirmed by LjubisaLivac (Copper Contributor)
Solution

Hi @LjubisaLivac

Like @Moe_Kinani said, turning on Auto logon is not recommended.

If you want multiple users to use a single Azure AD account on a PC without giving them the account password, I would suggest that you configure a Windows Hello PIN on the PCs in question. The PIN code is stored locally on the device and cannot be used to sign in to the account anywhere else.

You can use Intune to enforce a Windows Hello policy (set minimum requirements etc.), but then you will have to configure the PIN locally on the PC. Once set up, users can use this PIN to sign in to the PC.
Integrate Windows Hello for Business with Microsoft Intune - Microsoft Intune | Microsoft Docs

@Moe_Kinani Hi and thanks for the help! This could definitely solve the issue for me,

but there is (I hope) one last step that I should overcome - if we use the Guest account, is there a way somehow to add Guest access to the SharePoint folder (I need to create the access for them in Windows Explorer, like in this pic):

Hi @Pontus_Johansson and thanks for the great idea! I'll take that into account, and maybe choose it as the solution!
Yes, the user is still able to access his account with the Guest account and save to the PC if configured in the settings.

Check this out-

https://www.inthecloud247.com/configure-a-windows-shared-multi-user-device-with-intune/