CSP for "Do not enumerate connected users on domain-joined computer"

Johannes Ebner 236 Reputation points
2020-12-01T03:52:42.053+00:00

Hi,

I have a couple of M365 Users on Azure AD Domain-joined computers (Win10).

I want all of those users who have already logged in on the device to be shown on the login screen so that they do not need to enter the PWD all the time.

I found an option on how to do this by doing gpedit.msc -->

1) Configuration\Windows Settings\Security Settings\Local Policies\Security Options
-) Disable "Interactive logon: Don't display last signed-in" and "Interactive logon: Don't display username at sign in"

2) "Interactive logon: Don't display last signed-in" and "Interactive logon: Don't display username at sign in"
-) "Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer"

For the first part I found the corresponding CSP entries, but not for the second part.
How can I achieve this?

Best Regards,
Johannes

Microsoft Intune

2 answers

  1. Johannes Ebner 236 Reputation points
    2020-12-01T08:48:48.587+00:00

    Hi,

    1) M365 users
    2) Intune, no OnPrem Infrastructure deployed

    Regarding the "Do not enumerate..." I found it on the client via gpedit.msc


  2. Johannes Ebner 236 Reputation points
    2020-12-01T09:28:04.303+00:00

    Maybe I need to describe better what I want to achieve:

    I want to migrate 5 users and 3 clients from Google Apps and locally, independently installed devices to Office365 and M365.
    I added the users to the Admin Hub and assigned the O365 and M365 license. That's working so far. I can log in to the Windows client with the UPN of the users and use all services.

    What I want to achieve now, as the clients are shared clients, is that the users do not need to enter the UPN every time they log in. I want to see all users who have already logged in once on the client by default on the logon screen.

    I can achieve this when doing the following change via gpedit:

    Navigate to the following group policy object: Computer Configuration\Administrative Templates\System\Logon

    Configure "Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer" as "Not configured" or "Disabled".

    I am now trying to find a way to set this via Azure AD and Intune.

    Best Regards,
    Johannes