In this post, we will show you how to block users from showing account details on the sign-in screen using Intune. We will apply this policy using Intune’s Configuration Profiles.
Block Users from Account Details on the Sign-In policy restricts users from displaying account details, such as email address or username, on the sign-in screen. When you activate this policy, users won’t have the option to show their account details on the sign-in screen. If you deactivate or leave this policy setting unconfigured, users can choose whether to display their account details on the sign-in screen.
The main purpose of this policy is to enhance security and protect sensitive user information that might be displayed on the sign-in screen. The specific account details mentioned, such as the email address or username, can be considered sensitive information, especially in scenarios where multiple users access the same system.
When the policy is enabled, it enforces a uniform behaviour across all user accounts on the system, and users will not have the option to show their account details on the sign-in screen. This can be particularly useful in situations where administrators want to maintain a consistent and secure sign-in experience for all users without revealing any potentially sensitive information to unauthorized individuals.
On the other hand, if the policy is disabled or not configured, users will have the freedom to choose whether or not they want their account details displayed on the sign-in screen. This flexibility might be preferred in certain scenarios where users have individual preferences or if the organization’s security requirements are not as strict.
Windows CSP Details BlockUserFromShowingAccountDetailsOnSignin
This section covers the Windows CSP details for the policy setting BlockUserFromShowingAccountDetailsOnSignin. The policy controls what the sign-in screen of a computer shows. It is typically managed through administrative settings, especially in business or organizational environments where security and privacy are important considerations.
It’s important to understand that the application of this policy depends on the specific system or device settings and the administrative controls in place. Organizations need to carefully consider their security needs and user preferences before enabling or disabling this policy. By making the appropriate choice, they can strike a balance between convenience and security when it comes to sign-in screen display options.
CSP URI – ./Device/Vendor/MSFT/Policy/Config/ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin
Block Users from Account Details on the Sign-In Policy using Intune
To set Block Users from Account Details on the Sign-In Policy Using Intune, follow the steps stated below:
- Sign in to the Intune Admin Center portal https://intune.microsoft.com/.
- Select Devices > Windows > Configuration profiles > Create a profile.
In Create Profile, I select Windows 10 and later as the Platform and Settings catalog as the Profile Type, then click the Create button.
Platform | Profile Type |
---|---|
Windows 10 and later | Settings Catalog |
On the Basics tab, I name the policy “Block Users from Account Details on the Sign-In Policy.” Optionally, you can enter a description for the policy, and then proceed by selecting “Next.”
Now in Configuration Settings, click Add Settings to browse or search the catalog for the settings I want to configure.
In the Settings picker window, I search for the keyword Account Details, find the category Administrative Templates\System\Logon, and select it.
After selecting that category, I see only one setting, Block user from showing account details on sign-in. After selecting it, click the cross mark at the right-hand corner to close the picker.
Now, under Administrative Templates, I enable Block user from showing account details on sign-in and click Next.
Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue. Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.
In the Review + Create tab, I review settings. After clicking on Create, changes are saved, and the profile is assigned.
Upon successfully creating the “Block Users from Account Details on the Sign-In Policy,” a notification will appear in the top right-hand corner, confirming the action. You can also verify the policy’s existence by navigating to the Configuration Profiles list, where it will be displayed.
Your groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.
Intune Report for Block Users from Account Details on the Sign-In Policy
From Intune Portal, you can view the Intune settings catalog profile report, which provides an overview of device configuration policies and deployment status.
To track the assignment of the policy, you need to select the relevant policy from the Configuration Profiles list. By reviewing the device and user check-in status, you can determine if the policy has been successfully applied. If you require more detailed information, you can click on “View Report” to access additional insights.
Intune MDM Event Log
To verify the successful implementation of String or integer policies on Windows 10 or 11 devices through Intune, you can leverage event IDs 813 and 814. These event IDs provide valuable insights into the application status of the policy as well as the specific value assigned to the policy on those devices. In the case of this particular policy, the value is String and is linked to the event ID 814.
By analyzing these event IDs, you can gain a clear understanding of the policy’s application status and the corresponding value associated with it on the devices in question.
To confirm this, you can check the Event log path – Applications and Services Logs – Microsoft – Windows – DeviceManagement-Enterprise-Diagnostics-Provider – Admin.
MDM PolicyManager: Set policy string, Policy: (BlockUserFromShowingAccountDetailsOnSignin), Area: (ADMX_Logon), EnrollmentID requesting merge: (1A661A16-302C-46D4-81F0-AA73244850D8), Current User: (Device), String: (<enabled />), Enrollment Type: (0x6), Scope: (0x0).
When I open the above event log, I find that the policy I applied to the device has been implemented successfully. The log entry above contains essential information, including the Area and the Enrollment ID. These details play a significant role in identifying the corresponding registry path. To locate the specific information, please consult the table provided below:
Area | Policy | String | Scoped | Event ID |
---|---|---|---|---|
ADMX_Logon | BlockUserFromShowingAccountDetailsOnSignin | Enabled | Device | 814 |
The details presented in the table above for the Block Users from Account Details on the Sign-In Policy Using Intune can be employed to access the registry settings that hold the group policy configurations on a specific computer. To accomplish this, you can execute “REGEDIT.exe” on the target computer and navigate to the precise registry path where these settings are stored.
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\1A661A16-302C-46D4-81F0-AA73244850D8\default\Device\ADMX_Logon
When you navigate to the above path in the Registry Editor, you will find the registry key with the name BlockUserFromShowingAccountDetailsOnSignin.
Registry Name | Value |
---|---|
BlockUserFromShowingAccountDetailsOnSignin | Enabled |
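The event log and registry checks described above can be scripted on a managed device. The following PowerShell is an added example, not part of the original post; it assumes the event message format shown earlier and enumerates every enrollment provider, because the enrollment GUID differs from device to device.

```powershell
# Added example: confirm on a managed device that the policy arrived via MDM.
$policy = 'BlockUserFromShowingAccountDetailsOnSignin'
$area   = 'ADMX_Logon'
$log    = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# 1) Most recent event 814 (string policy set) that names this policy and area.
#    Get-WinEvent returns the newest events first.
$evt = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 814 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match "Policy: \($policy\)" -and $_.Message -match "Area: \($area\)" } |
    Select-Object -First 1

if (-not $evt) {
    Write-Warning "No event 814 for $policy found; the device may not have synced yet."
} else {
    # Extract the fields from the message format shown in the article.
    $enrollmentId = if ($evt.Message -match 'EnrollmentID requesting merge: \(([0-9A-Fa-f-]{36})\)') { $Matches[1] }
    $value        = if ($evt.Message -match 'String: \((.*?)\), Enrollment Type') { $Matches[1] }
    [pscustomobject]@{
        TimeCreated  = $evt.TimeCreated
        EnrollmentId = $enrollmentId
        String       = $value
    } | Format-List
}

# 2) Registry: check the policy value under every enrollment provider GUID.
$root = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\providers'
Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $key  = Join-Path $_.PSPath "default\Device\$area"
    $item = Get-ItemProperty -Path $key -Name $policy -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{
            EnrollmentId = $_.PSChildName
            Value        = $item.$policy
        }
    }
}
```

If the event log or registry key is not readable, run the script in an elevated PowerShell session. An empty result from both checks means the profile has not reached the device yet, so trigger a sync and check again.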
Author
Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge. He is a B.Tech graduate in Information Technology.