Control access, accounts, and power features on shared PC or multi-user Windows devices using Intune
Devices that have multiple users are called shared devices, and are a common part of mobile device management (MDM) solutions. Using Microsoft Intune, you can customize shared devices running the following platforms:
- Windows 10/11 Professional
- Windows 10/11 Enterprise
- Windows Holographic for Business, such as the HoloLens
Tip
For iOS/iPadOS shared devices, go to shared device solutions for iOS/iPadOS.
For example, schools have devices that are typically used by many students. School Intune admins can turn on the Shared PC feature to allow one user at a time. Students can't switch between different signed-in accounts on the device. When the student signs out, you also choose to remove all user-specific settings.
With this feature:
End users can sign in to these shared devices with a guest account. After users sign in, the credentials are cached.
You control if the guest account deletes when the user signs off, or delete inactive accounts when a threshold is reached.
As end users use the device, they only get access to features you allow. For example, you:
- Choose when the device goes in to sleep mode
- Decide if users can see and save files locally
- Can enable or disable power management settings
This article shows you how to create a configuration profile, and includes links to the available settings with their descriptions.
When the profile is created in Intune, you deploy or assign the profile to device groups in your organization. You can also assign this profile to device groups with mixed device types and operating system (OS) versions.
Create the profile
Sign in to the Microsoft Intune admin center.
Select Devices > Configuration > Create > New policy.
Enter the following properties:
- Platform: Select Windows 10 and later.
- Profile type: Select Templates > Shared multi-user device.
Select Create.
In Basics, enter the following properties:
- Name: Enter a descriptive name for the new profile.
- Description: Enter a description for the profile. This setting is optional, but recommended.
Select Next.
In Configuration settings, depending on the platform you chose, the settings you can configure are different. Choose your platform for detailed settings:
Select Next.
In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as
US-NC IT TeamorJohnGlenn_ITDepartment. For more information about scope tags, go to Use role based access control (RBAC) and scope tags for distributed IT.Select Next.
In Assignments, select the devices group that receives your profile. For more information on assigning profiles, go to Assign user and device profiles.
Select Next.
Note
Be sure to assign the profile to device groups in your organization.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
The next time each device checks in, the policy is applied.
Related articles
- See all the settings for Windows 10/11 and Windows Holographic for Business.
- After the profile is assigned, monitor its status.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for