Forum Discussion

Deleted's avatar
Deleted
Jul 20, 2018

How to logon with Azure AD credentials on a Windows 10 device with MFA enabled

Hi together,   maybe one of you have got the same requirements and run into the same problem.   situation: Windows 10 enterprise or windows 10 s Microsoft Intune Cloud (EMS) Microsoft Multi-Fa...
Conditional Access
Intune
multi-factor authentication
windows 10
Oliver Kieselbach's avatar
Oliver Kieselbach
MVP
Jul 20, 2018

Hi Philipp,

 

it's currently not possible to deploy device certificates with Intune. There is a uservoice item for it where you can vote for:

https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/19805320-deploy-unique-computer-certificates-using-intune-s

 

As long as there are no device certificates you have to use a different authentication for your Wi-Fi. I know it's not ideal at the moment. My customers are struggling with this fact also.

 

If you are using AAD joined devices then I suggest to use Windows Hello for Business for device authentication (Windows Logon). This gives you a kind of MFA (device level, you need to have the device and pin or biometric) for the Windows Logon. For all your cloud applications or published applications via Azure App Proxy I would choose Conditional Access to enforce MFA.

 

best,

Oliver

Resources