This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you enable this policy setting, the specified credential provider is selected on other user tile. If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile. Note: A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionAuthenticationCredential Providers. Countermeasure: Enable and configure this setting. Potential Impact: Users could be prompted to use a different credential provider by default.

[defaultcredentialprovider_clsid]

(1) GPO: Computer Configuration\Administrative Templates\System\Logon\Assign a default credential provider (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System!DefaultCredentialProvider