Mar 24 2020 10:33 AM - edited Mar 26 2020 07:52 AM
Dear community members,
I hope I am posting at the right board.
Facing a few issues with MFA enabled & enforced for our users.
https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
'An issue has been identified with Hybrid Azure AD joined devices that have enabled multi-factor authentication (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.'
Current workaround for 1 to 4 is to disable MFA (the 3rd issue workaround suggested by MS support was to let the user log in to the computer using their email id and password rather than the local AD credential, but this rarely works and we depend on our MFA disable/enable workaround instead), let the user log in to the portal and then, while they are logged in, enable & enforce MFA again, generate a new app password (as the old one gets cleared when you disable MFA), then wait for a few minutes (the app password doesn't seem to be immediately accepted by Outlook/Teams) and apply it to the clients.
Anyone facing these issues?
Mar 25 2020 12:26 AM
Neither Teams nor Outlook requires app passwords, only old versions (Office 2010, 2013) do. If you are seeing the "legacy" auth prompt, make sure that modern auth is enabled *both* service- and client-side.
Mar 26 2020 07:49 AM
@Vasil Michev Thank you
I've now set modern auth, and Outlook clients are now prompting with the modern auth login page.
Still need to see if anyone else is facing the other issues listed above.
Apr 15 2020 01:58 AM
We are still seeing Teams not working on certain W10 machines after enabling MFA. Anyone else?