How to Disabling the Guest Account using Microsoft Intune

  • This topic is empty.
  • Post
    • January 1, 2025 at 7:14 am
    Weekend Wiki
    Keymaster
    Disabling the Guest Account using Microsoft Intune requires configuring a policy that disables the account on devices managed by Intune. Here’s a step-by-step guide:

    1. Use Endpoint Security Account Protection Policy

    1. Sign in to Microsoft Intune:
    2. Create a new policy:
      • Navigate to Endpoint security > Account protection.
      • Click + Create policy.
    3. Choose platform and profile:
      • Platform: Select Windows 10 and later.
      • Profile: Select Local user group membership.
      • Click Create.
    4. Configure settings:
      • Under Local user group membership, select Local Administrators group or related configuration.
      • Specify excluded accounts, ensuring that the Guest account is not allowed.
    5. Assign the policy:
      • Assign the policy to the required device or user groups.
      • Click Next through the Review and Save process.
    6. Review and deploy:
      • Confirm the policy settings and click Create.

    2. Use Configuration Profiles (CSP Policies)

    Alternatively, you can deploy a configuration policy to disable the Guest account using a Custom OMA-URI setting.

    1. Create a configuration profile:
      • Go to Devices > Configuration profiles > + Create profile.
    2. Select platform and template:
      • Platform: Choose Windows 10 and later.
      • Profile type: Select Custom.
    3. Define OMA-URI settings:
      • Click Add and configure the following:
        • Name: Disable Guest Account.
        • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_GuestAccountStatus
        • Data type: Integer.
        • Value: 0 (to disable the Guest account).
    4. Assign the policy:
      • Assign the profile to the desired device groups.
    5. Save and deploy:
      • Click Next to finalize and deploy the policy.

    3. Verify the Guest Account Status

    1. Check locally on the device:
      • Open Command Prompt or PowerShell and run: 
        net user guest
      • Ensure the account is listed as account disabled.
    2. Audit policy deployment in Intune:
      • Navigate to Devices > Monitor to confirm the policy status.

    By following these steps, the Guest Account will be effectively disabled on all managed devices via Intune. Let me know if you need more detailed instructions!

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish