Enable Interactive Logon CTRL ALT DEL Using Intune

In this post, You will learn the steps to enable Interactive Login CTRL ALT DEL using Intune. Interactive login is authentication to a computer through the usage of an account by pressing the CTRL+ALT+DEL keys on a Windows device.

This security policy setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. Microsoft developed the Interactive Logon CTRLALTDEL feature to make it easier for users with certain types of physical impairments to log on to Windows computers.

If users are not required to press CTRL+ALT+DEL, they are susceptible to attacks that attempt to intercept their passwords. If CTRL+ALT+DEL is required before login, user passwords are communicated through a trusted path.

An attacker could install a Trojan horse program like the standard Windows logon dialog box and capture the user’s password. The attacker would then be able to log on to the compromised account with whatever level of privilege that user has.

Patch My PC

Enable Interactive Logon CTRLALTDEL using Intune

Let’s follow the below steps to enable Interactive Logon CTRLALTDEL using Intune –

Intune Configuration Profiles – Create Profile

In Create Profile, Select Platform, Windows 10, and later and Profile, Select Profile type as Settings catalog. Click on Create button. 

Adaptiva
Intune Configuration Profiles – Select Platform, Profile type
Intune Configuration Profiles – Select Platform, Profile type

On the Basics tab, enter a descriptive name, such as Set Interactive Logon CTRLALTDEL. Optionally, enter a Description for the policy, then select Next.

Create Profile – Enter Name, Description for profile setting
Create Profile – Enter Name, Description for profile setting

In Configuration settings, click Add settings.

Settings catalog - Click + Add settings
Settings catalog – Click + Add settings

On the Settings Picker windows, Select Local Policies Security Options to see all the settings in this category. Select Interactive Logon Do Not Require CTRLALTDEL below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker

Note – In policy, use the search box to find specific settings. You can search by category or a keyword, such as Interactive logon. It will display all the available related settings.

Enable Interactive Logon CTRL ALT DEL Using Intune 1
Settings Picker – Interactive Logon Settings in Intune

The setting is shown and configured with a default value. Set Interactive Logon Do Not Require CTRLALTDEL to Disabled. Click Next.

Interactive logon Do Not Require CTRLALTDEL – If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.

Interactive Logon Do Note Require CTRLALTDEL
Interactive Logon Do Note Require CTRLALTDEL

Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.

Assignments – Select groups to include
Assignments – Select groups to include

In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.

Review + Create – Device Configuration Profile
Review + Create – Device Configuration Profile

A notification will appear automatically in the top right-hand corner with a message. Here you can see, Policy “Set Interactive logon CTRL+ALT+DEL ” created successfully. The policy is also shown in the Configuration profiles list.

Policy "Set Interactive logon CTRL+ALT+DEL " created successfully
Policy “Set Interactive logon CTRL+ALT+DEL ” created successfully

Your groups will receive your profile settings when the devices check-in with the Intune service.

Once the policy applies to the devices, Users must press CTRL+ALT+DEL before logging on to Windows unless they use a smart card for Windows logon. A smart card is a tamper-proof device that stores security information.

You can check Intune settings catalog profile report from Intune Portal, which provides an overall view of device configuration policies deployment status.

Author

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.