How to limit and enforce login with work account on new laptop and old laptop?

Mohsen Akhavan 811 Reputation points
2025-01-03T00:26:55.0266667+00:00

I want to know how to force users to log in to the company's laptop-only work account (M365).
To clarify, when hiring a new employee, provide him with a laptop. I wanted the only option to log in to the laptop was a work account.

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,972 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,404 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,441 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,885 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 50,886 Reputation points Microsoft Vendor
    2025-01-03T02:06:44.62+00:00

    @Mohsen Akhavan, Thanks for the reply. For the steps I provide previously, yes, it should login with local admin account to do the join. I notice you want just work account login without any local account. It's OK. You can configure Windows Autopilot user-driven Microsoft Entra join in Intune. And do Autopilot enrollment for these devices. For detailed steps, you can refer to the following link:

    https://learn.microsoft.com/en-us/autopilot/tutorial/user-driven/azure-ad-join-workflow

    For new devices, when the device restart, it will ask to enter your work account to sign into the device to finish the Autopilot enrollment.

    For old device, you can reset the device to start the Autopilot enrollment after we configure Autopilot in Intune.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Crystal-MSFT 50,886 Reputation points Microsoft Vendor
    2025-01-03T01:27:38.2166667+00:00

    @Mohsen Akhavan, Thanks for posting in Q&A. To ensure that new employees can only log in to their laptops using their work (Microsoft 365) accounts, you can configure the laptops to join Microsoft Entra ID. Here are the steps to set this up:

    Open Settings:

    • Go to the Start menu and select Settings (gear icon).

    Access Accounts:

    • In the Settings window, select Accounts.

    Access Work or School Accounts:

    • In the left-hand menu, select Access work or school.

    Join Azure Active Directory:

    • Click on Connect and then select Join this device to Azure Active Directory.
      Sign In:
    • Enter the employee's Microsoft 365 credentials when prompted.

    Once the device is joined to Microsoft Entra ID, the employee will be able to log in using their work account credentials. This setup ensures that personal Microsoft accounts cannot be used to log in to the laptop

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.