Forum Discussion
Turning off MFA during autopilot enrollment
How will I turn off MFA during autopilot device (windows 10) enrollment? I saw some articles using conditional access policies. But, if it is enabled where will it be enabled and how can I turn i...
Hi, by the looks of it, you want to turn off the global setting to require MFA for devices that are getting enrolled. YOu can do so within devices/enroll devices/Windows hello for business
When this setting is not configured or enabled, the user will get prompted to setup mfa during enrollment.
You could turn this off by setting it to disabled.
Of course its not best practise to disable this setting but sometimes people disable this setting to scope it to a specific amount of users by configuring a policy
When this setting is not configured or enabled, the user will get prompted to setup mfa during enrollment.
You could turn this off by setting it to disabled.
Of course its not best practise to disable this setting but sometimes people disable this setting to scope it to a specific amount of users by configuring a policy
Rudy_Ooms_MVP Apologies for opening up an old thread, but I am trying the method you suggested for disabling users being prompted for MFA during autopilot. Regardless of whether or not I set the value of "Configure Windows Hello" to Disabled or Enabled, I am prompted to enter in values for pin length, complexity, etc. Are those values just being displayed but not applied if the "Configure Windows Hello" setting is set to disabled?
My end goal is to have users not be prompted for MFA during autopilot as well as to not be prompted for a pin during account setup. (No Biometric or Pin)
- Exclude Intune enrollment apps from MFA CA policy. Disable requirement for MFA for users under azure devices settings for Azure AD join. Disable WHfB in Intune at the tenant level and also through a device identity profile. Having said all of the above, it is not recommended to exclude the devices from MFA during Intune enrollment.
