I'm trying to programmatically clear the cache of credentials stored on a device. I want to make it so that any device that has been off the network for an extended period of time needs to reconnect to the network before it can get past the SafeBoot screen. Is there any way I can do this? Is there a CLI that I can leverage to do this?
My plan is that once my service detects that the user has been off the network for too long, it clears the credential cache and then force reboots the machine. That will force the user to bring the device back in. Is this possible?
Thanks for any guidance!
There is an option to disable the MDE preboot logon screen if the system does not communicate with the EPO server in 'X' number of days (more specifically, the system needs to complete a policy enforcement for MDE). This can be found in your product settings policy under the 'Log on' tab:
This does not 'force a system log off', nor does it 'clear credentials'; however, if you set the synchronization period to the same period your AD credentials expire (e.g., 90 days), you can get a similar end result, as they would need to bring the system back into the office and reset their credentials anyway.