Forum Discussion

Mirza Dedic's avatar
Mirza Dedic
Brass Contributor
Oct 12, 2021

Request for Windows GINA/CP logon agent for Microsoft Authenticator (MFA)?

Hi,   We have domain joined Windows 10 computers, synced to Azure AD (hybrid join). In Azure we have conditional access MFA. Devices are managed by MECM/Intune.   How can we enable MFA prompt dur...
Access Management
Azure Active Directory (AAD)
Identity Management
ChristianJBergstrom's avatar
ChristianJBergstrom
MVP
Oct 13, 2021

Mirza Dedic Hello, yes of course. You can go passwordless with the Authenticator, you can even narrow it down so it's the only option that can be used (but perhaps not recommended). You simply have to enable it in Azure and add your users.

 

 

 

 

 

Then use a conditional access policy requiring MFA and direct your users to https://aka.ms/mysecurityinfo to set up their info.

 

You can also use a TAP if no other methods are set up 

Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods | Microsoft Docs

 

For reference 

Passwordless sign-in with the Microsoft Authenticator app - Azure Active Directory | Microsoft Docs

Steve Whitcher's avatar
Steve Whitcher
Bronze Contributor
Oct 13, 2021

ChristianJBergstrom How do you set up a conditional access policy to require MFA at windows logon?