A while back I investigate if there was any possibility to lock down a Windows 10 or 11 device that gets provisioned with Autopilot and enrolled in to Azure AD and Intune to only allow the user who enrolled the device to be able to logon to that specific machine.
