Summary


In order to use Microsoft Whiteboard effectively in the Meeting Room environment we recommend that you configure the Whiteboard to NOT prompt to cache User Credentials to the logged in Meeting Room Account.


Microsoft does NOT provide a programmatic means to disconnect connected "Work and School Accounts" or General Microsoft Accounts "Email and App Accounts" . The current version of Quicklaunch provide a setting to block the addition of these accounts.

Note: These settings update registry settings in Windows 10 (local machine policies) - The use of these settings may require that you update your Windows 10 Operating system.



Detail


1. Do not cache "work or school" accounts


In Quicklaunch Settings under System->Policies enable "Do not cache "work or school" accounts


This will disable the prompt for caching credentials when signing into Microsoft Whiteboard with a 'Work or School Account'




When logging into Microsoft Whiteboard you will not be prompted to cache your credentials.



Note: If any "Work or School" accounts have been previously cached you will need to disconnect them from the Windows Meeting Room Account manually. 

(There are situations where it may be necessary to create a new account if this does not clear the cached account information).



Technical Notes

This setting updates the Windows 10 Registry for Local Machine Policy


Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\"BlockAADWorkplaceJoin"=dword:00000001



Requirements:


It blocks the user from being prompted to cache a "Work or School"

came out March 19, 2019 with Windows 10 1803 release with KB4489894


Some other info: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan


LIMITATIONS:


Only applies to "Work or School" Office365 accounts - NOT to "Microsoft Accounts: : live, hotmail, MSN, outlook.com accounts

Will NOT clear ANY cached accounts, just prevents adding them (If any previous accounts are cached, they will have to be disconnected manually)

Tested MS Collaboration software



      • Excel (Works)
      • Word (Works)
      • PowerPoint (Works)
      • Paint3D (Does not support Office 365 accounts)
      • Sticky Notes (Works)
      • Sway (Works)
      • MS Store (Works)
      • one drive (Works)

Must have latest windows & updates


https://quicklaunch.ucworkspace.com/solution/articles/3000088346-do-not-cache-microsoft-work-or-school-accounts




2.  Block Consumer Accounts for UWP Apps


In Quicklaunch Settings under System->Policies enable "Block Consumer Accounts for UWP Apps" accounts


This setting blocks the ability for User to log into UWP application with personal accounts (non-work or school)



Note: If any "Email & app" accounts have been previously cached you will need to disconnect them from the Windows Meeting Room Account manually.

(There are situations where it may be necessary to create a new account if this does not clear the cached account information).



When logging into Microsoft Whiteboard you will blocked from using a Personal Account



Technical Notes

This setting updates the Windows 10 Registry for Local Machine Policy


Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftAccount\" DisableUserAuth "=dword:00000001



LIMITATIONS

Will prevent some UWP apps from signing into personal Microsoft accounts but not all.

Word (Does not work)

Excel (Does not work)

PowerPoint (Does not work)

Whiteboard (Works - Displays blocked by group policy popup)

Paint 3D (Works - Displays blocked by group policy popup)

Sticky Notes (Works - Displays blocked by group policy popup)

Sway (Works - Displays blocked by group policy popup)

MS Store (Works - Displays blocked by group policy popup)

One Drive (Does not work)

Will prevent personal Microsoft accounts from being added to 'Email & Accounts' manually (Displays blocked by group policy popup)

Does not impact Office365 accounts


Note:  

Microsoft does not provide a means of NOT caching the local account information to the Windows account setting.   


The following Documented methods do not work.


Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"NoConnectedUser "=dword:0000001 - Does Not keep the account from being cached to Email and App accounts

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowYourAccount\”Value” =dword:000000 - Does Not keep the account from being cached to Email and App accounts