Forum Discussion

Galaxy876's avatar
Galaxy876
Copper Contributor
Sep 19, 2024

'Single Factor Authentication' after Intune device enrollment

Hello,

 

We have MFA enforced for all employees through Conditional access. Recently, we started enrolling our company laptops (Windows and Mac) to Intune and also setup 'Windows Hello for Business' as a login method. I noticed that after the enrollment, the user sign in attempts are showing as 'single factor authentication' in the Entra ID sign in logs. Also, it says that there's no conditional access policies getting applied even though we have several CA policies about MFA, session controls etc. 

 

I did some research and found out that this is due to Windows Hello for Business. My question is, what is the right course of action here? I'm getting messages on the CA policy page that the users are logging in without any policy coverage which concerns me a bit even though I know we have all the policies set in place. 

 

Any advice would be appreciated. 

 

  • Do you have any exclusions for MFA enforcement (Named locations)?
    Do you have a conditional access policy to require users to registrer security information?

Resources