Forum Discussion
Mirza Dedic
Oct 13, 2021, Copper Contributor
Request for Windows GINA/CP logon agent for Microsoft Authenticator (MFA)?
Hi, We have domain joined Windows 10 computers, synced to Azure AD (hybrid join). In Azure we have conditional access MFA. Devices are managed by MECM/Intune. How can we enable MFA prompt dur...
Steve Whitcher
Oct 13, 2021, Bronze Contributor
ChristianJBergstrom How do you set up a conditional access policy to require MFA at Windows logon?
Oct 14, 2021
Steve Whitcher BilalelHadd Hello folks, it seems I misinterpreted the initial question. As noted, I responded with how to configure passwordless with Authenticator.
What's the use case here, Mirza Dedic? Ever considered using FIDO2 keys if security is the primary requirement?
- Mirza Dedic, Oct 25, 2021, Copper Contributor
The use case here is to protect Windows login with strong authentication by enabling multi-factor during the login process (as an alternative to Windows Hello). When I log in to Windows using my corporate user/pass, I use the Authenticator app to approve/deny the login.
Duo does this for us, it prompts for MFA during login to Windows. We would like to standardize on using Azure MFA (conditional access). Okta has an agent you can install that does this as well.
Here is what it looks like: https://i.ibb.co/Lknzc7S/login-ss.png
- Oct 25, 2021
I get it, and FIDO2 is not an option?
- Mirza Dedic, Oct 26, 2021, Copper Contributor
It would be beneficial if we can leverage our existing MFA (AAD P2) subscription without additional overhead of carrying around a Yubico FIDO2 security key.
If there was a Windows GINA/CP logon agent that can be deployed and invoked during login, it would be trivial to roll this out in an MECM/Intune managed environment. It would be very useful for us.