How can we improve Azure Active Directory?

← Azure Active Directory

Restricting Microsoft accounts from signing in to the device, only require an Administrator Microsoft account specified in AAD.

If a user with AAD credentials/Microsoft account signs into our Self Deploying Autopilot Kiosk PCs, the local accounts on the PCs will have the Password Never Expires set to false and User cannot change password false.
Upon restart of the PC, the PC then will not log in to the KioskUser0 inbuilt account from the Assigned Access CSP. Upon trying to log in to this account, it will prompt to reset the password. This defeats the purpose of using the RS5 Auto Logon Account (KioskUser0).

I should be able to restrict the accounts that are able to log in to the PC, more specifically, restrict it to the list of Additional Administrators listed in AAD.

This breaks the configuration of the PC and requires it to be re-provisioned as we cannot set the local accounts back to the default configuration.

1 vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jason Van Brandwyk shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Azure Active Directory: Device Registration

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice