'Single Factor Authentication' after Intune device enrollment

Hello,

We have MFA enforced for all employees through Conditional Access. Recently, we started enrolling our company laptops (Windows and Mac) in Intune and also set up 'Windows Hello for Business' as a login method. I noticed that after the enrollment, the user sign-in attempts are showing as 'single factor authentication' in the Entra ID sign-in logs. Also, it says that there are no Conditional Access policies getting applied even though we have several CA policies about MFA, session controls, etc.


I did some research and found out that this is due to Windows Hello for Business. My question is, what is the right course of action here? I'm getting messages on the CA policy page that the users are logging in without any policy coverage which concerns me a bit even though I know we have all the policies set in place. 


Any advice would be appreciated.

1 Reply
Do you have any exclusions for MFA enforcement (Named locations)?
Do you have a Conditional Access policy to require users to register security information?