In this post, you will learn how to configure the Do Not Display Last Signed In user name policy using Intune, aka Endpoint Manager. This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer’s respective Windows logon screen.
By default, the sign-in screen will show the names of added accounts for a user to select their account and provide their sign-in credentials. Before Windows 10 version 1703, this policy setting was named Interactive logon: Do not display last user name. Enable this policy setting to prevent intruders from collecting account names visually from the screens of desktop or laptop computers in your organization.
Why hide the last signed-in user name on devices? An attacker with access to the console (for example, someone with physical access or someone who can connect to the server through Remote Desktop Services) could view the name of the last user who logged on to the server. The attacker could then try to guess the password, use a dictionary, or use a brute-force attack to try and log on.
Do Not Display Last Signed In User Name Using Intune
Follow the steps below to configure Do Not Display Last Signed In User Name using Intune:
- Sign in to https://endpoint.microsoft.com/
- Select Devices > Windows > Configuration profiles > Create profile
In Create profile, select Windows 10 and later as the Platform and Settings catalog as the Profile type. Click the Create button.
On the Basics tab, enter a descriptive name, such as Do Not Display Last Signed In User Name. Optionally, enter a Description for the policy, then select Next.
In Configuration settings, click Add settings.
In the Settings picker window, select Local Policies Security Options to see all the settings in this category. Select Do Not Display Last Signed In below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker.
The setting is shown and configured with a default value Disabled. Set Do Not Display Last Signed In to Enabled. Click Next.
Interactive Logon Do Not Display Last Signed In – This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be displayed. If this policy is disabled, the username will be shown.
Under Assignments, in Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.
In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with the message Policy "Do Not Display Last Signed In User Name" created successfully. The policy is also shown in the Configuration profiles list.
Your groups will receive your profile settings when the devices check in with the Intune service. Once the policy applies to the devices, the Windows sign-in screen will not show the username of the last person who signed in on the device. The name of the last user to successfully log on will not be displayed in the Windows logon screen.
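To confirm on a device that the profile has taken effect, the check below can be run locally from an elevated PowerShell session or as a script file. It is an added example, not part of the original post; the function name Get-LastSignedInPolicyState is hypothetical, and the two registry locations are the ones Windows normally uses for this security option and for values delivered through the MDM Policy CSP.

```powershell
# Added example: report whether "Do Not Display Last Signed In" is in effect.
# Get-LastSignedInPolicyState is a hypothetical helper name.
function Get-LastSignedInPolicyState {
    [CmdletBinding()]
    param()

    # Effective Windows security option read by the sign-in screen.
    $effective = @{
        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Name = 'DontDisplayLastUserName'
    }
    # Value recorded by the Policy CSP when the setting arrives via MDM
    # (assumed location: PolicyManager, LocalPoliciesSecurityOptions area).
    $mdm = @{
        Path = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\LocalPoliciesSecurityOptions'
        Name = 'InteractiveLogon_DoNotDisplayLastSignedIn'
    }

    $read = {
        param($Location)
        # Returns $null when the key or value is absent (policy never applied).
        $item = Get-ItemProperty -Path $Location.Path -Name $Location.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.($Location.Name) } else { $null }
    }

    $effectiveValue = & $read $effective
    $mdmValue       = & $read $mdm

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        EffectiveValue = $effectiveValue   # 1 = user name hidden
        MdmValue       = $mdmValue         # informational: set when delivered by MDM
        Compliant      = ($effectiveValue -eq 1)
    }
}

$state = Get-LastSignedInPolicyState
$state | Format-List

# Exit code for use as a detection script: 0 = enabled, 1 = not enabled.
if ($state.Compliant) { exit 0 } else { exit 1 }
```

An empty MdmValue alongside EffectiveValue 1 suggests the setting came from another source, such as Group Policy, rather than from the Intune profile.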
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.