In this post, You will learn the steps to configure Interactive logon message for users Using Intune aka, Endpoint Manager. This policy setting specifies the text displayed in the window’s title bar that users see when they log on to the system.
Interactive logon messages may also help to reinforce corporate policy by notifying employees of the appropriate policy during the logon process. You can configure this setting in a manner consistent with the security and operational requirements of your organization.
Microsoft introduced an Interactive logon message for users attempting to log on that displays a warning message before logon may help prevent an attack by warning the attacker about the consequences of their misconduct before it happens.
This text is often used for legal reasons—for example, to warn users about the ramifications of misusing company information or that their actions may be audited.
- Enable Interactive Logon CTRL ALT DEL Using Intune
- Hide Change Account Settings Using Intune
- Configure Microsoft Edge as Default Browser using Intune
NOTE! – Ivan explained his experience in the comments section of this post that this policy can break autopilot pre-provisioning (White-Glove). –
It’s listed on the policy conflict page, at the end of the table, as one of four (4) known policies to break the pre-provisioning process. Windows Autopilot – Policy Conflicts https://docs.microsoft.com/en-us/mem/autopilot/policy-conflicts.
Configure Interactive logon Message for Users Using Intune
Let’s follow the below steps to Configure Interactive logon Messages for Users Using Intune.
Sign in to the https://endpoint.microsoft.com/. To create a new Configuration profile, Select Devices > Windows > Configuration profiles > Create profile.
In Create a profile, Select Platform, Windows 10, and later and Profile, Select Profile Type as Settings catalog. Click on Create button.
On the Basics tab, enter a descriptive name, such as Interactive logon Message for users. Optionally, enter a Description for the policy, then select Next.
In Configuration settings, under Settings catalog, click Add settings.
On the Settings Picker windows, Select Local Policies Security Options to see all the settings in this category.
Select Interactive logon Message Title For Users Attempting To Log On, Interactive logon Message Text For Users Attempting To Log On below.
After adding your settings, click the cross mark at the right-hand corner to close the settings picker –
Note – In policy, use the search box to find specific settings. You can search by category or a keyword, such as Interactive logon. It will display all the available related settings.
All the settings are shown here. Select the minus if you don’t want to configure a setting. Let’s configure the message text title for users which will appear during logon process –
Interactive logon: Message text for users attempting to log on – This security setting specifies a text message displayed to users when they log on.
This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or that their actions may be audited.
Interactive logon: Message title for users attempting to log on – This security setting allows the specification of a title to appear in the window’s title bar that contains the Interactive logon: Message text for users attempting to log on.
Important – Any warning that you display should first be approved by your organization’s legal
and human resources representatives.
Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.
You can assign a tag to filter the profile to specific IT groups in-Scope tags. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here, Policy “Interactive logon Message for users” was created successfully here. The policy is also shown in the Configuration profiles list.
Your groups will receive your profile settings when the devices check-in with the Intune service. Once the policy applies to the devices, Users will have to acknowledge a dialog box containing the configured text before logging on to the computer.
Author
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10, Windows 11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
One word of warning with this policy. If you enable it, you will break the Autopilot pre-provisioning build process.
It is listed in the policy conflict page, at the end of the table, as one of four (4) known policies to break the pre-provisioning process.
Windows Autopilot – Policy Conflicts
https://docs.microsoft.com/en-us/mem/autopilot/policy-conflicts
I spent all day troubleshooting that before I realized, that is what was breaking the autopilot process. I had assigned to all autopilot devices instead of All Users.
Is that the fix? Assign the policy to users instead of devices so it doesn’t hit the autopilot group?
I get an autopilot error even if the profile is deployed to the user signing in and not the device – did autopilot work for you when this policy was assigned to the user?
Has anyone found for sure that assignment by user does not negatively impact Autopilot?
Great Information..
“I had assigned to all autopilot devices instead of All Users.”
Ok, that got me curious, so I tested it and it seems to work when assigned to Users instead of Autopilot Devices. White Glove/pre-provisioning works fine, I’m able to set up as a User and log in, but I don’t get the Interactive Logon for the first login. Once I have logged in and restart the computer, then I get the Interactive Logon.