Forum Discussion
Mirza Dedic
Oct 13, 2021Brass Contributor
Request for Windows GINA/CP logon agent for Microsoft Authenticator (MFA)?
Hi, We have domain joined Windows 10 computers, synced to Azure AD (hybrid join). In Azure we have conditional access MFA. Devices are managed by MECM/Intune. How can we enable MFA prompt dur...
Oct 14, 2021
Steve Whitcher BilalelHadd Hello folks, seems as I misinterpreted the initial question. As noted I responded as how to configure passwordless with Authenticator.
What's the use case here Mirza Dedic? Ever considered using FIDO2 keys if security is the primary requirement.
Mirza Dedic
Oct 25, 2021Brass Contributor
The use case here is to protect Windows login with strong authentication by enabling multi-factor during login process (as an alternative to Windows Hello). When I login to Windows using my corporate user/pass, use Authenticator app to approve/deny the login.
Duo does this for us, it prompts for MFA during login to Windows. We would like to standardize on using Azure MFA (conditional access). Okta has an agent you can install that does this as well.
Here is what it looks like: https://i.ibb.co/Lknzc7S/login-ss.png
Duo does this for us, it prompts for MFA during login to Windows. We would like to standardize on using Azure MFA (conditional access). Okta has an agent you can install that does this as well.
Here is what it looks like: https://i.ibb.co/Lknzc7S/login-ss.png
- Oct 25, 2021I get it, and the FIDO2 not an option?
- Mirza DedicOct 26, 2021Brass Contributor
It would be beneficial if we can leverage our existing MFA (AAD P2) subscription without additional overhead of carrying around a Yubico FIDO2 security key.
If there was a Windows GINA/CP logon agent that can be deployed and invoked during login, it would be trivial to roll this out in an MECM/Intune managed environment. It would be very useful for us.
- Oct 26, 2021Not sure when the replacement for Azure UserVoice will be live (Teams UV is still active) but I found this very old request and have no idea if this is the new one.. https://feedback.azure.com/d365community/idea/0fa56c4f-b125-ec11-b6e6-000d3a4f0789
It would have been great to access the former site to see the comments on the MFA requests.
For reference
https://support.microsoft.com/en-us/office/uservoice-pages-430e1a78-e016-472a-a10f-dc2a3df3450a