This blog post will show how you can set a logon message for a Windows 10 1709 Pro or Enterprise machine enrolled into Intune. To do this, I will create a custom Device Configuration profile in Intune and use the “InteractiveLogon_MessageTitleForUsersAttemptingToLogOn” policy CSP to set a message title, and “InteractiveLogon_MessageTextForUsersAttemptingToLogOn” policy CSP to set the message text. To read more about using custom OMA-URI see Custom device settings for Windows 10 devices in Microsoft Intune
You can read more about the interactive logon message here – Interactive logon: Message text for users attempting to log on
For more information about the Policy CSP that we will use:
Login to the Intune portal in Azure https://portal.azure.com
For the message title, go to Intune, then Device configuration, then Profiles, Create Profile, give the profile a name, select Windows 10 and later for the Platform, and select Custom for the Profile type. Then click Configure.
Click on Add, then give it a name, I have chosen Interactive Message Title, and then for the OMA-URI put in “./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn” and then select String for the Data type. For the value, I have put “WARNING:”
Click on OK a few times then click on Create. Next we will assign the Configuration profile to a group.
Now we will create another Device configuration profile for the message text.
For the OMA-URI, put in “./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn” and the Data type is String again, and type in your message text.
Also assign this policy to a group.
Once the machine has done a sync and has been restarted, you can see the interactive logon message.
On the Windows 10 1709 machine, you can also open up gpedit.msc and under Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, we can see the settings.