Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Nov 22, 2023

Does WHfB via Intune prompt for MFA

Hi All

I hope you are all well.

 

Anyway, we are in the process of switching about 300+ W10/11 devices from Microsoft Entra Registered to Entra Joined devices.

 

Everything works as expected as far as I can see.

 

We have implemented Windows Hello for Business at both the Tenant and Device Config levels.

 

I have noticed that when we wipe a device in testing, at the WHfB PIN setup page the user is prompted for MFA.

 

This is the part that's puzzling me as I cannot see any MFA policies setup or in place that require MFA, and we haven't yet turned the MFA Conditional Access policies.

 

It's no biggie, but as a lot of the devices will be remote devices in shops, this MFA prompt could be problematic.

 

Any ideas?

  • Hello StuartK73 

     

    Welcome to the Microsoft community, my name is Recep I'll be happy to help you today.

     

    Please click on the below, it will help you to resolve your issue.

     

    https://learn.microsoft.com/en-us/mem/intune/protect/windows-hello 

     

    If I have answered your question, please mark your post as Solved

    If you like my response, please give it a Like :smile:

    Appreciate your Kudos! Proud to contribute! 🙂

     

    • StuartK73's avatar
      StuartK73
      Iron Contributor

      Deleted 

       

      Hi Buddy

       

      Many thanks for your response. However, the link you supplied is how to setup / configure WHfB which I don't have an issue with as it's working as expected.

      Thanks

  • In Entra ID > Devices > Device settings there is a configuration option here that causes this
    • StuartK73's avatar
      StuartK73
      Iron Contributor
      Hi Buddy

      Many thanks for your response.

      Unfortunately I had checked that too.

      "Require Multifactor Authentication to register or join devices with Microsoft Entra"

      Defo set to NO
      • JosvanderVaart's avatar
        JosvanderVaart
        Iron Contributor
        Do you perhaps have a conditional access policy the requires that when registering security info MFA is enforced?

Resources