Restricting Microsoft accounts from signing in to the device, only require an Administrator Microsoft account specified in AAD.
If a user with AAD credentials/a Microsoft account signs in to our self-deploying Autopilot kiosk PCs, the local accounts on the PCs will have "Password never expires" set to false and "User cannot change password" set to false.
Upon restart of the PC, the PC then will not log in to the KioskUser0 inbuilt account from the Assigned Access CSP. Upon trying to log in to this account, it will prompt to reset the password. This defeats the purpose of using the RS5 Auto Logon Account (KioskUser0).
I should be able to restrict the accounts that are able to log in to the PC, more specifically, restrict it to the list of Additional Administrators listed in AAD.
This breaks the configuration of the PC and requires it to be re-provisioned, as we cannot set the local accounts back to the default configuration.
