Background: We use GCPW to manage a fleet of Windows laptops (Alienware x14s).

Issue: We get constant 2FA checks on every sign-in. It's frustrating!

Strange Fix: We contacted Google Support, and they said, "This is an issue with the OS", and we should set the Group Policy "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don't display last signed-in." to "0" or Disabled.

Security: Unfortunately, this policy is required in the UK for certain types of work: not revealing user names on the device, such as the admin usernames, which would otherwise be kept confidential. The Windows documentation says, "If this policy is enabled, the full name of the last user to successfully sign in isn't displayed on the Secure Desktop" and in the recommended usage section, it says it should be used in secure environments (see their support website if the link doesn't work below) https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protec... This is a standard group policy to set. It often appears on lists of standard corporate policies. I've never worked at a company that didn't set this policy (or a progenitor). Google support seems to think this is "an OS issue". But it seems to me like it's a bug with GCPW.

Help: Why aren't more people complaining about this? There must be another workaround (he says with hope). Can you offer any help or a fix?