Have you considered biometrics? A fingerprint reader will generally allow either 5 or 10 fingerprints per user account (one for each finger), or in theory, 5-10 people on one user account (just scan each person's finger into a different location).
This won't work if it's in an industrial location - the reader will get dirty, fingers are dirty, grime, dust, all bad for biometrics. And it's not exactly foolproof either (there was a great Mythbusters episode on this), but it should keep honest users out.
I also saw a brilliant system at TradeLink of all places (too bad it didn't stop them from screwing up our order).
They had Sun Thin Clients with smartcards. Every time the hopped up from their desk and took their card with them, the session would lock. Pop it back in, and session would un-lock.
Of course, being thin-client it means that it relies on a Terminal Server and I'm guessing given the sensitive nature of your equipment this wouldn't be practical, but if it exists at a thin client level, I'm sure that there'll be a product that works with traditional desktops as well.
For Git Bash
If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it then type pwd (On Windows 7, it will be something like C:\Users\phsr I think). While you're in Git Bash, you should mkdir .ssh.
After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.
Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).
For TortoiseGit
When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.
Best Answer
I ended up using
certutil -csp NGC -keyto list all credentials stored in windows hello for business. Then I usedcertutil -csp NGC -delkey <name>to remove the ones that did not havelogin.windows.netin the name to clean up all other credentials.This was not a 100% fix for me as intune seemed to have restored some of the old certificates, but at least i can manage the situation now.