How to restrict a computer to specific user login for AzureAd system!?

Ed Kutsko 0 Reputation points
2023-05-08T18:52:06.9033333+00:00
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-05-10T06:09:57.0233333+00:00

    @Ed Kutsko

    Thank you for posting your query on Microsoft Q&A. From the above description I could understand that you want to allow certain users to sign in to AAD joined devices.

    Please do let me know if this is not correct.

    We don't have a direct option in Azure AD to allow/restrict users on Windows devices; however, this could be achieved via Intune using a custom CSP.

    As per UserRights/AllowLocalLogOn, this user right determines which users can sign in to the computer.

    Example:

    OMA-URI: ./Device/Vendor/MSFT/Policy/Config/UserRights/AllowLocalLogOn

    Data Type: String

    Value:

    <![CDATA[AzureAD******@contoso.com&#xF000*;AzureAD******@contoso.com]]>*

    User's image

    (adding screenshot as clipboard is not copying the differential)

    Once applied, the non-authorized user would get the following message:

    User's image

    Please do let me know if you have any queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

    1 person found this answer helpful.
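
As an added example (not part of the answer and not Microsoft's code), this PowerShell helper assembles the string for the Value field of the `AllowLocalLogOn` OMA-URI in the format the answer shows. The function name and the contoso.com accounts are constructed for illustration, and keeping `Administrators` in the list is an assumption about what most deployments want.

```powershell
# Added example: builds the String value for the AllowLocalLogOn OMA-URI.
# Account names below are constructed placeholders, not values from the post.
function New-AllowLocalLogOnValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Principal
    )

    $delimiter = '&#xF000;'   # separator between entries, as in the answer's value
    $seen    = [System.Collections.Generic.HashSet[string]]::new(
                   [System.StringComparer]::OrdinalIgnoreCase)
    $entries = [System.Collections.Generic.List[string]]::new()

    foreach ($raw in $Principal) {
        $name = $raw.Trim()
        if (-not $name) { throw 'Empty principal name.' }
        # Reject characters that would break the CDATA wrapper or the separator.
        if ($name -match '[<>&;]' -or $name.Contains([string][char]0xF000)) {
            throw "Principal '$name' contains a character that would corrupt the value."
        }
        # A bare UPN is treated as an Azure AD account and gets the AzureAD\ prefix.
        if ($name -match '^[^\\@]+@[^\\@]+$') { $name = "AzureAD\$name" }
        # Skip case-insensitive duplicates so each account appears once.
        if ($seen.Add($name)) { $entries.Add($name) }
    }

    # Assumption: local administrators should keep interactive sign-in.
    if (-not $seen.Contains('Administrators')) {
        Write-Warning 'Administrators is not in the list; local admins will also be denied sign-in.'
    }

    '<![CDATA[' + ($entries -join $delimiter) + ']]>'
}

# Constructed sample input: one group, two users, one duplicate in different case.
New-AllowLocalLogOnValue -Principal @(
    'Administrators',
    'alice@contoso.com',
    'AzureAD\bob@contoso.com',
    'ALICE@contoso.com'
)
```

Assign the resulting policy to a pilot device group first: a value that omits every account able to administer the device leaves no interactive sign-in path on it.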
