This KB will guide you on how to create an MDM payload to disable Console Login Access.
When Console Login is enabled the Console can be seen at the Login Screen. This can present a security risk for your company since you would not want the wrong person accessing your end-users console. By disabling Console Login Access, you can guarantee that the contents of the console are only seen by logged in users.
I need to disable Console Login Access, how do I do it?
Console Login Access can be disabled via a Login Window MDM Payload. To create such payload you will navigate to Policies>Catalog>MDM Configurations>macOS>Login Window payload. Once you are there, you can name your configuration and go to the Options tab. Under the Options tab, you will see an Enable console login option. Make sure Enable console login is unchecked so that it is disabled for your end-users.
This payload will look as below.
Once you finish adding additional settings to the Login Window payload you can click on Create Configuration, add the configuration to a policy, and deploy the changes.
Your end-users devices are a bit more secure now!