Forum Discussion
Default security settings for Office 365 for first account logon on new device
Yup, they are connected. The PIN code requirement is enforced from the device, that's basically the "gesture" used for Windows Hello (or the fallback in this scenario). As this is considered very sensitive, it triggers the MFA challenge as well. You can disable it via GPOs (not recommended) or you can use an Intune policy that does not require Windows Hello (and thus the MFA challenge): https://docs.microsoft.com/en-us/intune-classic/deploy-use/control-microsoft-passport-settings-on-devices-with-microsoft-intune
Marco de Bock For me, I found the requirements were coming from the Security Defaults on the new Azure Domain. Disabling them removed the "Your admin has required that you set up this account for additional security verification" message during AutoPilot and basically work. Hope this helps someone!