Jan 04 2023 12:12 AM - edited Jan 04 2023 04:16 AM
Hello!
Quick info: Authenticating with a security key in PowerShell keeps failing, and I've been browsing the web for a way to upload the AutoPilot HWID with Get-AutopilotInfo -Online with a FIDO2 key requirement, without results.
Therefore I tried to exclude "Microsoft Intune Enrollment" in the FIDO2 conditional access policy, but I was unable to get it to work. Is "Microsoft Intune Enrollment" the correct app to exclude, or should I look into excluding something else to bypass the security key requirement?
Jan 04 2023 01:49 AM
Jan 04 2023 02:57 AM
Jan 04 2023 03:20 AM - edited Jan 04 2023 03:20 AM
Huh... okay... so you are trying to upload the HWID to the Autopilot service and you want to require a FIDO key to do so?
The Microsoft Intune Enrollment app is used to enroll a device into Intune... But as you are trying to exclude it from the CA policy, I assume uploading the HWID isn't working...?
Jan 04 2023 06:26 AM - edited Jan 04 2023 06:27 AM
I cannot get past the authentication, as it keeps prompting to authenticate with a security key.
In PowerShell, the security key authentication method gets stuck and doesn't go through, hence I would like to bypass the conditional access policy that's requiring the security key during device enrollments.
Jan 04 2023 06:29 AM
Jan 04 2023 09:20 AM
Jan 05 2023 01:37 AM
Jan 05 2023 01:55 PM - edited Jan 09 2023 09:38 AM
Then consider using a dedicated account not set up for FIDO for the purpose of uploading the hash IDs when using the -Online parameter. I am not sure how your CA policies are set up, but excluding the Intune enrolment apps is not recommended from a security standpoint.
Jan 09 2023 06:16 AM