Forum Discussion
Prompted to sign in to Microsoft Defender Platform on W11/W2025 using Entra
Hi Microsoft Defender XDR community,
Since around May 18th, our users on devices that are onboarded to Microsoft Defender for Endpoint are being prompted to sign-in to the following application using Entra on login to Windows.
Application
Microsoft Defender Platform
Application ID
cab96880-db5b-4e15-90a7-f3f1d62ffe39
Is anyone aware of a change that requires user sign-in to Entra as a requirement for Microsoft Defender for Endpoint? I have tried raising a support topic on this topic.
Regards
Chris
2 Replies
We have this prompts too. Since 1-2 weeks.
The sign-in prompts seems to reoccure every hour or so.
The clients are anboarded to MDE, joined to Active Directory only - not hybrid and not Entra ID registered.Proxy for MDE is configured via https://learn.microsoft.com/en-us/defender-endpoint/configure-proxy-internet#configure-the-proxy-server-manually-using-a-registry-based-static-proxy-setting
Hi chrisnelmes,
The application itself is legitimate. While I haven’t seen any Microsoft announcement introducing a new Defender for Endpoint sign-in requirement, I’d also validate the device Entra registration and PRT status (dsregcmd /status) on affected devices. We’ve seen authentication prompts caused by token or device registration issues, Conditional Access evaluations, or service-side changes following platform updates. Interested to hear what Microsoft Support comes back with.
