Hello,
We have an issue where users log in to their local computer with their 365 credentials, taking advantage of the basic functionality of Microsoft Login ID, which is programmed to also add global administrators as administrators of the local computer when the user logs in for the first time. In case of needing remote support with the need for elevated privileges, the user is communicated the password of the global 365 administrator who, once support is completed, changes the password. However, despite the password change, the user can perform administrative operations on his computer using the global user and the old password which is stored somewhere in the local computer. The join is only on Microsoft Login ID, and we do not have a local AD.
We have tried various methods to resolve the problem, including configuring Cached Credentials with Group Policy, checking Windows credentials, and verifying the presence of the global administrator with lusrmgr.msc (not present). We also deleted the contents of AppData directories, but all attempts were unsuccessful.
Where are these accesses stored, and how can they be deleted from the computer's locale?
Please note that the local administrator does not log in to the computer via the Windows login screen.
I appreciate any support in better understanding how this works.
Thank you.