The deviceTRUST contextual security policy defines the users that will be managed by deviceTRUST. By default, this does not include members of the local administrators group.
To check if an unmanaged user has signed in, open the Windows Event Log on the remoting or DaaS host system, navigate to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN, and look for Event ID 17.
An unmanaged user signed in
To change the list of managed users, open your active deviceTRUST contextual security policy, navigate to DEVICETRUST CONSOLE, and click the SETTINGS tab. Select LICENSING, navigate to the USERS tab, and check that the user account is not configured in the UNMANAGED USERS directly or via group membership.
Unmanaged Users
If deviceTRUST policies are still not applied to the user, check if the user account is a member of the local administrators group. To do this, start COMPUTER MANAGEMENT on the remoting or DaaS host system, navigate to SYSTEM TOOLS, select LOCAL USERS AND GROUPS, and check that the user is not a member of the ADMINISTRATORS group.
Administrative Users
