CSP for "Do not enumerate connected users on domain-joined computer"

Johannes Ebner 231 Reputation points
2020-12-01T03:52:42.053+00:00

Hi,

I have a couple of M365 Users on Azure AD Domain-joined computers (Win10).

I want, that all of those users who already logged in on the Device are shown in the login screen so that they do not need to enter the PWD all the time.

I found an option on how to do this by doing gpedit.msc -->

1) Configuration\Windows Settings\Security Settings\Local Policies\Security Options
-) Disable Interactive logon: Don't display last signed-in" and "Interactive logon: Don't display username at sign in"

2) Interactive logon: Don't display last signed-in" and "Interactive logon: Don't display username at sign in"
-) Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer"

For the first part I found the corresponding CSP Entires, but not for the second part.
How can I achieve this?

Best Regards,
Johannes

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,271 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Johannes Ebner 231 Reputation points
    2020-12-01T08:48:48.587+00:00

    Hi,

    1) M365 users
    2) Intune, no OnPrem Infrastructure deployed

    Regarding the "Do not enumerate..." I found it on the client via gpedit.msc

    0 comments No comments

  2. Johannes Ebner 231 Reputation points
    2020-12-01T09:28:04.303+00:00

    Maybe I need to describe better what I want to achive:

    I want to migrate 5 Users and 3 CLients from Google Apps and locally, independent installed Devices to Office365 and M365.
    I added the Users to the Admin Hub and assigned the O365 and M365 License. Thats working so far. I can login to the Windows Client with the UPN of the users and use all Services.

    What I want to achive now, as the Clients are shared clients, is that the users do not need to enter the UPN everytime they log in. I want to see all Users who logged in already one time on the client per default on the logon screen.

    I can achieve this when doing the following change via gpedit:

    Navigate to the following group policy object: Computer Configuration\Administrative Templates\System\Logon

    Configure "Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer" as "Not configured" or "Disabled".

    I try now to find a way how to set this via Azure AD and Intunes.

    Best Regards,
    Johannes