Configure Interactive Logon Message for Users using Intune
In this post, we’ll go through the steps to configure interactive logon message for users using Intune policy. This policy setting displays the text that shows up in the title bar of Windows when they log in.
An interactive logon message is useful to personalize the logon process, provide news or information, and for other similar purposes. Most organizations prefer to display the logon message for all users, and this message appears just before the logon screen and disappears after the user clicks OK.
If you want to display a message at logon to all the users, an interactive logon message policy must be configured in Intune. I have seen many organizations prefer to set a logon message for users displaying the company information, legal notices etc. Another advantage of displaying a warning message before logon may help prevent an attack by warning malicious or uninformed users about the consequences of their misconduct before it happens.
I have covered one such example of displaying the Interactive logon message on domain controllers. There are multiple ways to display an interactive logon message for users :-
- You can run a PowerShell script and use it to display an interactive logon message for users.
- Using group policy, you can configure Legal Notices On Domain Computers.
- You can use Microsoft Intune (Endpoint Manager) to configure an Interactive logon message when users log in to their computers.
If you aren’t using Intune, you can always use a group policy to configure the logon message for users. With Intune settings catalog, you can easily enable and configure the interactive logon message and display it to users.
Interactive Logon Message Settings available in Intune
If you want to display an interactive logon message using Intune for users, you can configure the following settings. We will use both these settings to configure Intune Interactive Logon Message.
- Interactive Logon: Message Text for users attempting to log on – This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
- Interactive Logon: Message Title for users attempting to log on – This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. This text is often used for legal reasons – for example, to warn users about the ramifications of misusing company information, or to warn them that their actions might be audited.
Configure Interactive Logon Message for users using Intune
We’ll now create a new profile in Intune to configure the logon message for users. Use the following steps to configure interactive logon message for users using Intune:
- Sign in to Microsoft Intune admin center.
- Go to Devices > Windows > Configuration Profiles.
- Select Create Profile.
Select Platform as Windows 10 and later and Profile Type – Settings Catalog. Click Create.
On the Basics tab, specify the profile name and profile description. For example, you can specify the profile name as “Configure Interactive Logon Message using Intune“. And description can be something like Specifies a text message to be displayed to users when they log on. Click Next.
On the Configuration Settings tab, select Add Settings.
On the Settings Picker window, type “Interactive Logon” in the search box and click Search. The Interactive Logon message settings are located in the Local Policies Security Options.
Select Local Policies Security Options category and this category includes several settings related to interactive logon. Under Settings, choose the following settings.
- Interactive Logon Message Text for users attempting to log on
- Interactive Logon Message Title for users attempting to log on
You have to configure both the settings since you selected them in the above step.
- Interactive Logon Message Text for users attempting to log on – Specify a text message to be displayed to users when they log on.
- Interactive Logon Message Title for users attempting to log on – Here, you specify a title to appear in the title bar of the window that contains the text message. For example, you can specify the title like Logon Warning, Important Notice etc.
Click Next to continue.
In the Assignments window, specify the groups to which you want to apply this policy. I advise enabling the logon message on a small number of test groups first, and then rolling it out to more groups if the testing is successful. Select Next.
Scope tags are optional, you can assign a tag to filter the profile to specific groups such. Click Next.
Finally, on the Review+Create tab, ensure you have defined the right settings for displaying the interactive logon message for users. Click Create.
You should now see a notification “Configure Interactive Logon Message Using Intune” which confirms the policy has been created successfully. The profile appears under the list of Configuration Profiles in Intune.
You must wait for the policy to apply to the targeted groups and once the devices check-in with the Intune service they will receive your profile settings. You can also force sync Intune policies on your computers. To monitor the deployment, select the policy and review the Device and user check-in status.
End User Experience: Verify Interactive Logon Message for Intune Users
Let’s check to see if the logon message policy is actually applied to devices and what users see when they log on to their device. When the user logs in to the computer, a logon warning title and message text is displayed. From the screenshot below, the message title and text matches the one that we configured in the policy settings. The user can click OK to acknowledge the warning and proceed to log in.
Worth noting that this does not work on devices that use the AutoPilot process
Yes, very important distinction that should be made in this article somewhere. Interactive logon messages will break pre-provisioning (White Glove).
Windows Autopilot – Policy Conflicts
https://learn.microsoft.com/en-us/autopilot/policy-conflicts
You can make it work by assigning the log on message to users instead of the devices. That’s what we had to do.
You can add empty rows with blank spaces for line breaks, using Settings templates CSP for interactive logon messages.
I’d like to know how to configure that message so it looks decent. The line breaks that work in AD (” ,”) don’t work in Intune.
For using commas without it forcing the line break you can use the Single Low-9 Quotation Mark by pressing the following key combo
Alt+0130