Persist user selection on login screen after reboot on Windows 11

Question

I use an Azure AD instance for my home desktop logins. To deter my wife from nuking my carefully curated Firefox tabs again, I created an account for her and set it up with Windows Hello and a nice easy PIN for her to log in with.

However, she doesn't want to deal with the kerfuffle of remembering her login email address and as such won't bother with using her own account if the computer has restarted since the last time she used it.

How can I have multiple user profiles (Azure AD, remember?) persist in the recent users menu on the login screen even after a restart? Akin to something like the old Windows XP user select perhaps?

Answer 1

Based on the comments, the following changes to Group Policy were sufficient to achieve what I required.

Using gpedit, modify the following:

• Computer Configuration > Administrative Templates > System > Logon:
  • Enumerate local users on domain-joined computers: Enabled
  • Do not enumerate connected users on domain-joined computer: Not Configured
• Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options:
  • Interactive Logon: Do not display last signed-in: Disabled

There may be an "Azure" way to do this. If I discover it, I will update this question.

Answer 2

In InTune configure a custom device profile to set the following items:

Administrative Templates > System > Logon:

Do not enumerate connected users on domain-joined computers -> Disabled

Enumerate local users on domain-joined computers -> Enabled

Local Policies Security Options > Interactive Logon:

Do Not Display Last Signed In -> Disabled (username will be shown)