Azure AD - Remove Passwords

Question

We are using MS 365 for a small hotel; and trying to migrate away from our current hosted Active Directory.

We use one MS365 account for the "role" of front desk, which can have up to 7 or 8 different people actually using it across 2 computers.

We do not want the front desk agents to have access to the Front desk email at home, or on their phones, or access to anything unless they are standing at one of the two front desk computers.

Is there a way to set it up so that the front desk computers can be permanently signed in to the front desk account so that the front desk agents are not given the actual password to the front desk account?

Answer 1

Hi @Jason Friedmann

What you are looking for is KIOSK Mode:

Prepare a device for kiosk configuration

https://learn.microsoft.com/en-us/windows/configuration/kiosk-prepare

-----------------------------------------

If this is helpful please accept answer.

Answer 2

Hello @Jason Friedmann and thanks for reaching out. You can block selected users from accessing Office 365 (or any other) apps, unless they are in connecting from the hotel, with Azure AD Conditional Access. You will need an Azure AD premium license which may already be part of your Office subscription or can be purchased separately.

First, you need to create a trusted location that includes the IP address range assigned to the hotel.

After that, you can create a policy with a configuration similar to this:

1. Users or workloads identities -> Include -> Select users and groups -> (front desk user account)
2. Cloud apps or actions -> Select apps -> Office 365
3. Conditions -> Locations -> Configure -> Yes -> Include: Any location and Exclude: All trusted locations
4. Grant -> Block access

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.