Our user devices are split roughly evenly between AD-bound Microsoft and Apple computers, Google Chromebooks and clones, and miscellaneous BYOD devices. Google authentication works great for the ChromeOS devices, and Captive Portal+My Linewize+Permanent Association together do the job for BYOD.
The behaviour of the AD-bound devices is sometimes a bit confusing. My naive expectation was that once a user has been authenticated by AD signon, that device should be theirs until there is a matching AD signout, or an explicit signout through My Linewize. It doesn’t seem to work this way, if they use (or someone else uses) Google in the meantime. I’m not clear whether it’s Chrome signin/signouts (the “Person 1” thing in the Chrome Browser menu) or Gmail/Drive signin/signouts that intervene, but it sometimes happens that the device ends up with no authenticated connection, and no obvious user-friendly way to get one.
Are there any opinions out there, please, on how this should work – with an easy way to explain it to our least sophisticated users?