chrisslroth
Copper Contributor
Jul 25, 2024

Autopilot Reset and MFA for Device Registration

MFA is enforced via a CA policy for device registration.

When we apply an Autopilot reset via the Intune admin center, the assigned user must log in again and perform MFA after Autopilot provisioning. Otherwise the user-based apps and policies are not assigned and the device is not fully enrolled. Is there a solution to perform MFA during ESP in Autopilot?

3 Replies

  • chrisslroth 

     

    Just wondering, but are you using Windows Hello / requiring Windows Hello, as that holds the MFA claim... and with it your users won't be prompted for it.

    • chrisslroth
      Copper Contributor
      I see in the event log:
      Event ID 212: MDM Session: Failed to get AAD Token for sync session User Token: (Unknown Win32 Error code: 0xcaa10001) Device token (unsupported feature)
    • chrisslroth
      Copper Contributor
      Windows Hello is disabled at tenant level but activated with a config profile. Also, Windows Hello post-login provisioning is disabled. We want users to be able to register for Windows Hello, but they don't need to.
      Windows Hello is not required for MFA.
