Nov 10 2019 08:05 AM - edited Nov 13 2019 07:24 AM
Update: thanks for all the suggestions, I figured out it was the Windows insider that was causing it.
when I installed Windows 10 build 1909 on a Hyper-V VM and signed into it during installation using AAD, i was not asked to provide phone number.
it was also a new user that I created with no admin rights.
I'm trying to build an AAD-based environment, created few users with standard rights (non-administrators). when I go to one of my Windows 10 machines and try to join it to AAD using work/school account, after entering Email and password, I'm presented with this screen asking for phone number and verification. I'm looking for a way to stop it from appearing.
there is another option in that drop down menu that is for using authenticator app to receive codes but I want to entirely disable this "additional security verification" for the users I create in my ADD.
Nov 10 2019 11:10 AM
@HotCakeX This prompt would be from the self-service password reset functions in AAD. If you attempt to disable it, then users would not be able to reset their own password.
If you want to try, in AzureAD set Self Service Password Reset to either select or none. Then redo the join.
The prompt will still appear if you require AzureAD MFA as well. When you join a PC, it will MFA the user.
Cheers
Craig
Nov 11 2019 01:48 AM
@Craig Wilson wrote:@HotCakeX This prompt would be from the self-service password reset functions in AAD. If you attempt to disable it, then users would not be able to reset their own password.
If you want to try, in AzureAD set Self Service Password Reset to either select or none. Then redo the join.
The prompt will still appear if you require AzureAD MFA as well. When you join a PC, it will MFA the user.
Cheers
Craig
Thank you,
so I went to my Azure Active Directory Admin Center
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/PasswordReset
and it was set to "none" by default
And then I saw this notice:
So I think end-users are normal/standard/non-admin users.
so far everything is set correctly, right?
but I am still getting this message!
Nov 11 2019 02:08 AM
I also checked out this place
Everything looks fine here too.
is there any other place I can check? I have no idea why it's still telling me that my organization needs additional information.
by the way, I'm using trial 1 month subscription for Office 365 Business Premium.
Nov 11 2019 09:13 AM
In Windows 10 version 1803 Microsoft introduced a setting that required accounts to have a password reset option. The setting was forced for Admin accounts. This could be what is impacting you. The settings you have shown are the correct ones for disabling self-service password reset.
The method to get around the local admin being forced was to create a local user first on the workstation, then disable the local policy. This would not work on a clean install as someone would have to login first.
How are you deploying Windows 10 is it via autopilot?
You could try setting the account up for password reset then try the Windows 10 again? You should be able to do this by assigning a user a mobile number in Azure AD.
I will try a few things later today and see if I can get the around the prompt.
Cheers
Craig
Nov 11 2019 10:32 AM