Forum Discussion
Solved
Default security settings for Office 365 for first account logon on new device
I am trying to figure out where to change the security settings on Office 365 when a user logs on to a new device for the first time. Story: I created a new Office 365 tenant, added some standard...
Yup, they are connected. The PIN code requirement is enforced from the device, that's basically the "gesture" used for Windows Hello (or the fallback in this scenario). As this is considered very sensitive, it triggers the MFA challenge as well. You can disable it via GPOs (not recommended) or you can use an Intune policy that does not require Windows Hello (and thus the MFA challenge): https://docs.microsoft.com/en-us/intune-classic/deploy-use/control-microsoft-passport-settings-on-devices-with-microsoft-intune
Marco de Bock For me, I found the requirements were coming from the Security Defaults on the new Azure Domain. Disabling them removed the "Your admin has required that you set up this account for additional security verification" message during AutoPilot and basically work. Hope this helps someone!