Interactive Logon Do Not Display Last Signed In User Name Using Intune

In this post, You will learn the steps to Do Not Display Last Signed In user name using Intune, aka Endpoint Manager. This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer’s respective Windows logon screen.

By default, the sign-in screen will show the names of added accounts for a user to select their account and provide their sign-in credentials. Before Windows 10 version 1703, this policy setting was named Interactive logon: Do not display last user name. Enable this policy setting to prevent intruders from collecting account names visually from the screens of desktop or laptop computers in your organization.

Why do you not display the last signed-in user name on devices? It could be the possibility that an attacker with access to the console (for example, someone with physical access or someone who can connect to the server through Remote Desktop Services) could view the name of the last user who logged on to the server. The attacker could then try to guess the password, use a dictionary, or use a brute-force attack to try and log on.

Do Not Display Last Signed In User Name Using Intune

Let’s follow the below steps to Do Not Display Last Signed In User Name using Intune –

Patch My PC
  • Sign in to the https://endpoint.microsoft.com/
  • Select Devices > Windows > Configuration profiles > Create profile
Configuration Profiles – Create Profile
Configuration Profiles – Create Profile

In Create Profile, Select Platform, Windows 10, and later and Profile, Select Profile Type as Settings catalog. Click on Create button.

Interactive Logon Do Not Display Last Signed In User Name Using Intune 1
Intune Configuration Profiles – Select Platform, Profile type

On the Basics tab, enter a descriptive name, such as Do Not Display Last Signed In User Name. Optionally, enter a Description for the policy, then select Next.

Adaptiva
Create Profile - Do Not Display Last Signed In User Name
Create Profile – Do Not Display Last Signed In User Name

In Configuration settings, click Add settings.

Settings catalog – Click + Add settings
Settings catalog – Click + Add settings

On the Settings Picker windows, Select Local Policies Security Options to see all the settings in this category. Select Do Not Display Last Signed In below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker –

Settings Picker – Local Policies Security Option in Intune
Settings Picker – Local Policies Security Option in Intune

The setting is shown and configured with a default value Disabled. Set Do Not Display Last Signed In to Enabled. Click Next.

Interactive Logon Do Not Display Last Signed In – This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be displayed. If this policy is disabled, the username will be shown.

Interactive Logon Do Not Display Last Signed In - Enabled
Interactive Logon Do Not Display Last Signed In – Enabled

Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.

Assignments – Select groups to include
Assignments – Select groups to include

In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.

Review + Create – Device Configuration Profile
Review + Create – Device Configuration Profile

A notification will appear automatically in the top right-hand corner with a message. Here you can see, Policy ” Do Not Display Last Signed In User Name” created successfully. The policy is also shown in the Configuration profiles list.

Policy " Do Not Display Last Signed In User Name" created successfully
Policy ” Do Not Display Last Signed In User Name” created successfully

Your groups will receive your profile settings when the devices check-in with the Intune service. Once the policy applies to the devices, Windows sign-in screen will not show the username of the last person who signed in on the device. The name of the last user to successfully log on will not be displayed in the Windows logon screen.

Author

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.