Hey guys and girls, happy new year and hope you guys are healthy and safe!
I’ve come across of issues of users kept login their own corporate user accounts into a meeting room device through Microsoft Teams. Thus, this will also registered the meeting room device under the user’s account.
Kept manually deleting the devices objects from the user account is not flexible to administrators. Clean up is really not something that as administrators has to do every time a user uses that meeting room device. Our meeting room devices are not hybrid join. So this solution does not really impact the Windows license but this does not mean it would not cause issue for your environment. Recommended that you test it out at your lab environment. Our meeting room devices are custom made/design.
I was able to came across an article that really helps my situation. This solution require to modify the device’s registry editor.
Please run a lab test.
- Launch the registry editor on the affected machine
- Direct to this location HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin
- Create a new DWORD item and name it BlockAADWorkplaceJoin with the value of 1
- Reboot the machine
- You may run a command line “dsregcmd /status” to check the MDM status
- WorkplaceJoined: No
- SSO state: No
If you have multiple devices that you would need to apply this settings you could export and save this registry settings or use PowerShell method. You may refer the PowerShell method via the references below.