Question
Thursday, September 20, 2018 10:46 PM | 1 vote
Organizations have shared PCs in the meeting Room. Microsoft has changed the login to many UWP Applications and now by default have the option “Allow my organization to manage my device” – This is true with the Whiteboard Application.
This then stores their credentials under Access to work or school.
Then those are left on the local PC.
We have set Group Policy to Prevent Microsoft Accounts and Microsoft Consumer Accounts - no matter the setting the user is added. Their credentials are then cached for others to use.
How can we change the default, prevent the credentials or programmatically clear them? They are not stored in credential manager.
Put in a ticket with Premier support, to be told 'can't be done', put in a ticket with Office - that seems odd...
Any help appreciated
All replies (5)
Friday, November 9, 2018 2:04 PM
Dependent upon which type of licenses you have, there are options to address such issues. If you have Microsoft E5 licensing, Office advanced licensed or their MDM product licensed then one obtains features one would otherwise not have.
Also, the GPO templates have been changed many times over the last several years. Be sure you are utilizing the latest version. I performed a web search for: latest windows 10 GPO templates which brings up a result for Windows 10 April 2018 Update (1803). Different builds of Windows 10 apply various GPOs significantly differently. As of 1803 there are settings which will only apply if you have the client installed with an Enterprise license. Thus, leaving a machine with a non-Enterprise license can result in certain GPOs not applying. A web search for: windows 10 GPO requires enterprise license brings up Microsoft documentation regarding this and how it applies to build 1607. Each build is a bit different. BTW, I share your pain.
Thursday, May 2, 2019 12:59 PM
Did you ever get a solution for this?
Thanks
Wednesday, May 22, 2019 5:05 PM
I get this same prompt after moving a mailbox to Office 365 in hybrid configuration. On first run of Outlook after it's been migrated, the above message is displayed. I would like to suppress it as users would get confused. Will post back if I find a way to do it. We are using O365 E2.
Thursday, May 23, 2019 3:40 PM
So from all the research I have done, it seems to have to do with Azure AD. The prompt is from there. My test user stopped having this issue, so I created another test user, and it appears to be fine as well!
So I am not sure what exactly was going on here but it no longer appears to be an issue. I did find that there is a GPO called "register domain joined computers as devices" ref: /en-us/azure/active-directory/devices/hybrid-azuread-join-control
However, I played around with this and was not able to make it change anything.
But like I said, I tried my test user, and a brand new test user on a few different workstations and test VMs and now they both work fine... weird.
I'm going to migrate some real users and see if it comes up again.
Friday, January 3, 2020 11:29 AM
To stop this pop up, either configure Hybrid join (if using AD connect), since it is useful to have them hybrid joined anyway, or you can prevent the 'Use this account everywhere' pop up using this:
You can prevent your domain joined device from being Azure AD registered by adding this registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin, "BlockAADWorkplaceJoin"=dword:00000001.
See /en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-things-you-should-know
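The registry setting from the last reply, as an added PowerShell example (not part of the thread and not Microsoft's own code): it writes the value idempotently, verifies it, and reads the current join state from `dsregcmd /status`. The function names are made up for this example, and it assumes an elevated session on a domain-joined Windows 10 PC whose `dsregcmd` output contains the three fields matched below.

```powershell
# Added example: enforce and verify the BlockAADWorkplaceJoin value quoted in the reply above.
# Run elevated; writing under HKLM requires administrator rights.
$Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'
$Name  = 'BlockAADWorkplaceJoin'
$Value = 1

function Set-WorkplaceJoinBlock {
    # Create the policy key if it is missing, then write the DWORD (safe to re-run).
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Test-WorkplaceJoinBlock {
    # True only when the value exists and equals 1.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $prop) -and ($prop.$Name -eq $Value)
}

function Get-JoinState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

Set-WorkplaceJoinBlock
if (-not (Test-WorkplaceJoinBlock)) { throw "$Name was not written to $Path" }

$state = Get-JoinState
"{0}={1}  DomainJoined={2}  AzureAdJoined={3}  WorkplaceJoined={4}" -f `
    $Name, $Value, $state.DomainJoined, $state.AzureAdJoined, $state.WorkplaceJoined

# WorkplaceJoined is reported for the user running the command. The reply describes the
# value as preventing registration; it does not say an existing one is removed, so a
# YES here needs separate follow-up.
if ($state.WorkplaceJoined -eq 'YES') {
    Write-Warning 'This user already has a work or school account registered on this device.'
}
```

On shared meeting-room PCs the same value can be deployed through a Group Policy registry preference instead of a script; the check half is still useful for auditing machines that were in use before the value was set.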