Forum Discussion
What exactly is the AppDisplayName "Microsoft Authentication Broker"
As far as I know, the Authentication Broker is the Module integrated into Intune Company Portal / Microsoft Authenticator App to Enable Cross-Application SSO between Mobile Applications that use Entra ID Authentication on iOS and Android, I presume you are seeing mobile Apps attempting to use the Credentials Cached on the Device.
It is also used to Register Devices in Intune.
So to trigger it yourself you would have to use a Mobile App that has Entra ID SSO built in - Teams is a good example.
You will Find the Application, that the User actually wanted to open, in the Non-Interactive Sign-ins through the Correlation ID (I will not give a KQL answer since I don't know what you are trying exactly, I am referring to the Entra ID Sign In Log GUI).
How often should I be expecting this app to trigger? Based on your description, I would assume this app is triggered for every signin to verify/check MFA requirements?
- this expected each time the user needs to satisfy the MFA requirements by claim in the token
- OK thanks. How is this done from the user perspective? Because I don't understand how username/password is being prompted from this app then. I understand it as something that is triggered in the background when MFA needs to be satisfied and is never "seen" from the user.