cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Default to "Work or School" account

Glenn Chubak
Brass Contributor

‎Jun 10 2021 07:56 AM

‎Jun 10 2021 07:56 AM

Default to "Work or School" account

I have performed a BMR on a Surface Hub 1.  Most everything works but when at the main lock screen and selecting to "Sign In", the user is presented with the option to type in a user name or choose to use a Work or School account.  After choosing the Work or School account option, the user can sign in and then is presented with an option to stay signed in on the hub.  Effectively there are two extra steps here that are just a hassle.

 

As we only use Azure AD accounts, I would prefer if this option was the default.  I had previously installed the insider build on a couple of Hubs and with that build, the two extra steps above weren't there.  

 

My question is whether or not everyone is seeing this or if I might have a configuration problem.  The device appears to be properly Azure joined.  Any other ideas?

4,917 Views
0 Likes
10 Replies
Reply
10 Replies
Glenn Chubak

‎Jun 10 2021 08:15 AM

‎Jun 10 2021 08:15 AM

Re: Default to "Work or School" account

@Glenn Chubak Specifically, I'm trying to see if this screen is really necessary.  It doesn't appear on my insider devices and I'd love to get rid of it.  

20210610_143943924_iOS (2).jpg

0 Likes
Reply
Glenn Chubak

‎Jun 11 2021 09:50 AM

‎Jun 11 2021 09:50 AM

Re: Default to "Work or School" account

@Glenn Chubak Can anyone at least let me know if what I'm seeing is normal?  Does everyone need to select the "Work or School Account" option and then confirm a dialog to reduce sign ins?

 

 

0 Likes
Reply
Glenn Chubak

‎Jun 14 2021 10:44 AM

‎Jun 14 2021 10:44 AM

Re: Default to "Work or School" account

@Cezar Cretu could you clarify what the expected behavior is?

0 Likes
Reply
Cezar Cretu

‎Jun 16 2021 01:41 AM

‎Jun 16 2021 01:41 AM

Re: Default to "Work or School" account

Hello @Glenn Chubak,

 

This is expected. The first option allows users that were invited in the ongoing meeting to easily sign in. This is explained here.

If you don't want this feature, you can configure the Properties/DisableSigninSuggestions CSP. More on this here.

 

Best regards,

Cezar

0 Likes
Reply
Glenn Chubak

‎Jun 16 2021 06:56 AM

‎Jun 16 2021 06:56 AM

Re: Default to "Work or School" account

@Cezar Cretu  Thanks.  I think that makes sense.  To me it would be great if you could search for any user from the dialog rather than needing to hit the "Work or School Account" button before searching.  This is a bit confusing to users who might simply type their credentials into the search and be surprised when their user isn't found.  

0 Likes
Reply
Cezar Cretu

‎Jun 17 2021 02:06 AM

‎Jun 17 2021 02:06 AM

Re: Default to "Work or School" account

@Glenn Chubak 

 

It should work as you said too for users in the tenant. Check the Graph Explorer permissions in AAD as it might be blocked by policy. If you need help, kindly open a case 

 

Best regards,

Cezar

0 Likes
Reply
dcl191

‎Jul 21 2022 04:14 PM

‎Jul 21 2022 04:14 PM

Re: Default to "Work or School" account

@Cezar Cretu 

Hi Cesar,

 

I have a fully up to date SH2S (a dozen or so, actually) that show the “Work or School” prompt at every login.  Users tap it, key in their hybrid AD credentials, and log in to the SH2S from the initial boot up screen (ie this isn’t during a meeting).  

This works.  But I’d like to get rid of that prompt. 

The docs around the Properties/DisableSigninSuggestions seems to imply to me that it only impacts the experience during meetings.  

 

Can you clarify?  If I set this property to TRUE will it then get rid of the “Work or School” prompting, and make all logins use the Work (as if a user had tapped that Work or School prompt) and prompt for their work email account? 

0 Likes
Reply
Cezar Cretu

‎Jul 21 2022 11:50 PM

‎Jul 21 2022 11:50 PM

Re: Default to "Work or School" account

Hello @dcl191,

 

You should not be prompted for the "Sign in to see your meetings and files", this is something that the user selects, just as seen here. If you get a prompt to authenticate during use, that might be from your proxy requiring authentication.

However, if you are referring to the options you get after selecting to authenticate and retrieve your meetings and files, Work or School account, this is by design as the user needs to provide the UPN to authenticate. 

If the Surface Hub is already invited to a meeting, meeting attendees will be prepopulated for easy authentication. If another user tries to sign in and he was either not invited to the meeting or no meeting was scheduled, typing in the first letters of his name should provide suggestions.

Now, to answer your question, the CSP DisableSigninSuggestions will block all user authentication and the "Sign in to see your meetings and files" option will not be available anymore.

Hopefully this helps and if you need more information or assistance, you can always open a support case with the Surface Hub team.

 

Best regards,

Cezar

0 Likes
Reply
dcl191

‎Jul 22 2022 08:14 AM

‎Jul 22 2022 08:14 AM

Re: Default to "Work or School" account

@Cezar Cretu 

Hi Cezar,

 

Thanks for the response! 

 

Yes, users are logging into the SH2S.  We've trained most users to do this, so they have access to their files and such for a presentation.  If it's just a meeting, and the SH is already invited, they can just tap to join the meeting and sometimes don't need anything else. 

 

However, if they DO try to fully log into the SH2S, then yes, they have to tap "Work or School Account" first, before they then get another login screen, and THEN they can log in ...  I'm asking, thus - can I force that work or school account to always pop up (when the user clicks the prompt to log in on the main SH2S screen), and skip that middle "tap"? 

 

Further, we'd like to get rid of the constant prompt "Allow this organization to manage this device?" which everyone says "Yes" or "OK" too anyhow; can we get rid of this constant prompt that happens at every login too?

 

Thanks!

0 Likes
Reply
Cezar Cretu

‎Jul 22 2022 08:35 AM

‎Jul 22 2022 08:35 AM

Re: Default to "Work or School" account

Hello @dcl191,

 

The Work or School Account option is there in case the user that tries to login is not part of your organization and is not found when typing in the first letters. Hence, it's not possible to change the process. 

Regarding the device management confirmation, as you know, the Surface Hub design is to be used as a public device and due to security measures, there is no logged-on user. When a user logs in, consent needs to be provided for that device to be managed by the MDM that is being registered to and apply both device and user policies to mark the device as compliant, hence the consent request is mandatory.

 

Thank you,

Cezar

 

0 Likes
Reply