Do not display last logged on user

For security reasons a customer wanted to get rid of the username displayed in the logon screen. The best practices of this setting depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on User Principal Name could be a security risk. in this specific case the customer wanted to use this setting for they personal device.

The setting can be set through endpoint manager, before the setting catalog we had to make a endpoint protection policy.

Because the Settings Catalog will go out of preview (link) I created the setting in the settings catalog and created a little about it

Create Setting Catalog policy

Go to Endpoint manager link click on Devices, Configuration profiles and click on the + sign to create a profile.

Set the following setting Windows 10 and later and profile type Setting Catalog (for now still preview) and click Create

After the first step fill in a name and if you want a description and click Next

Click on + Add settings, the settings popup will appear.

Create the setting

In the search field fill in Interactive Logon Do Not Display Last Signed In (1) and click Search (2). Click on Local Policies Security options (3). Close this screen by clicking the X

Now the setting tab is available to set the right settings to not show the username

To do this just flip over the setting to enabled (

Interactive logon: Don’t display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled.)

and click next

How will it look in the user perspective

After setting the policy the screen below will be the view in a user perspective.