Control access, accounts, and power features on shared PC or multi-user devices using Intune
Devices that have multiple users are called shared devices, and are a common part of mobile device management (MDM) solutions. Using Microsoft Intune, you can customize shared devices running the following platforms:
- Windows 10 Professional and newer
- Windows 10 Enterprise and newer
- Windows Holographic for Business, such as the HoloLens
For example, schools have devices that are typically used by many students. With this setting, the school Intune administrator can turn on the Shared PC feature to allow one user at a time. Students can't switch between different signed-in accounts on the device. When the student signs out, you also choose to remove all user-specific settings.
End users can sign in to these shared devices with a guest account. After users sign in, the credentials are cached. As they use the device, end-users only get access to features you allow. For example, you choose when the device goes in to sleep mode, if users can see and save files locally, enable or disable power management settings, and more. You also control if the guest account deletes when the user signs-off, or delete inactive accounts when a threshold is reached.
This article shows you how to create a configuration profile, and includes links to the available settings with their descriptions.
When the profile is created in Intune, you deploy or assign the profile to device groups in your organization. You can also assign this profile to device groups with mixed device types and operating system (OS) versions.
Create the profile
Sign in to the Microsoft Endpoint Manager admin center.
Select Devices > Configuration profiles > Create profile.
Enter the following properties:
- Platform: Select Windows 10 and later.
- Profile: Select Templates > Shared multi-user device.
In Basics, enter the following properties:
- Name: Enter a descriptive name for the new profile.
- Description: Enter a description for the profile. This setting is optional, but recommended.
In Configuration settings, depending on the platform you chose, the settings you can configure are different. Choose your platform for detailed settings:
In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as
US-NC IT Teamor
JohnGlenn_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.
In Assignments, select the devices group that will receive your profile. For more information on assigning profiles, see Assign user and device profiles.
Be sure to assign the profile to device groups in your organization.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
The next time each device checks in, the policy is applied.