Nov 10 2019 - last edited on Jul 24 2020
Update: thanks for all the suggestions, I figured out it was the Windows Insider build that was causing it.
When I installed Windows 10 build 1909 on a Hyper-V VM and signed into it during installation using AAD, I was not asked to provide a phone number.
It was also a new user that I created with no admin rights.
I'm trying to build an AAD-based environment and created a few users with standard rights (non-administrators). When I go to one of my Windows 10 machines and try to join it to AAD using a work/school account, after entering email and password, I'm presented with this screen asking for a phone number and verification. I'm looking for a way to stop it from appearing.
There is another option in that drop-down menu that is for using an authenticator app to receive codes, but I want to entirely disable this "additional security verification" for the users I create in my AAD.
Nov 11 2019 02:14 AM
Nov 11 2019 02:57 AM - edited Nov 11 2019 03:12 AM
I did what you suggested but it's still asking for a phone number.
The user I created is a normal (non-Administrator) user and self-service password reset is set to "none".
I'm using the Microsoft 365 Business Trial.
The Windows 10 that I am trying to sign in to already has a local administrator (an outlook.com personal account).
Also, I am using Windows 10 Insider fast ring build 19018.
This is where I am trying to sign in.
Nov 11 2019 03:02 AM
Nov 11 2019 03:09 AM
I'm trying to log in on the page I showed in my screenshot above, Windows 10 settings.
Also, MFA is disabled for all my accounts.
Nov 11 2019 04:55 AM
Also look in Azure AD > Sign Ins and look at the logins; click on Conditional Access and it will say if any policies were applied.
Also, FYI, that page which shows whether MFA is enabled or not always shows disabled if MFA is enforced through either of the above methods.
Nov 11 2019 05:53 AM - edited Nov 11 2019 05:57 AM
Thank you, that FYI is also very helpful.
In my AAD sign-ins, I get this:
"To see sign-in data, upgrade your organization's subscription to include Azure AD P1 or P2. Your current license status: Azure AD Free"
I activated the E5 enterprise plan trial and now I can see the list. In the Conditional Access column, it says "not applied" for all of them.
Also, in the AAD Conditional Access, all of them are off.
Is it possible that the Windows Insider program has something to do with this?
May 13 2020 03:11 AM
Mar 23 2021 04:19 PM
I have disabled Azure >> Properties >> Manage Security defaults >> set to "No"
and I'm still being prompted for 2FA when enrolling a new device.
How can I turn off 2FA for my entire organization in O365 and Azure? We use a different IdP and have 2FA turned on with that platform and do not need it in Microsoft.
Jun 07 2021 08:37 AM - edited Jun 07 2021 08:39 AM
Is there a way to manage the "additional security verification" prompt (no Windows Insider OS)? Windows Hello for Business (Intune) is not configured; Azure > Properties > Manage Security defaults > already set to No.
I noticed it is related to the PIN request (for devices joined to Azure AD and managed by Intune): if the end user tries to configure a PIN, additional security info appears (of course, just the first time). Is there a way to force/enable the PIN request but disable security verification?
Jun 30 2021 05:28 AM
@lucafabbri365 We are also currently working on Windows Hello for Business.
These laptops are Azure AD Joined and are managed through Intune.
Our customer does not want to use the Microsoft Authenticator app; an SMS or telephone call is fine.
How can we disable the Authenticator app? We already have the Authenticator app turned off at SSPR and at the authentication methods. Nevertheless, we do get the prompt to use the Authenticator app.