Restrict who can login to a device based on user group
I would like an option to restrict who can login to a Windows 10 computer based on user groups. Or if using kiosk mode restrict logging in completely. But for example I have teacher devices that I do not want students to be able to login to. It would be useful to restrict this based on user groups.
Chandler Cunningham commented
This is extremely needed for any organization that has made the switch from traditional AD. The only way to make this work is by using the UserRights CSP which is hacky and unreliable.
With how hard InTune has pushed kiosk management, it's shocking that this basic fundamental feature isn't a thing.
This seems like a really fundamental security feature.
I cant believe this is not a thing.
We have a similar scenario, we have kiosk W10 PCs. If you log out of the kiosk user, you land at the sign in screen (obviously). But it allows anyone with an AAD account for our org to sign in to the device - and there is no way to restrict it!! How frustrating.