Andrew1
Copper Contributor
Oct 11, 2018
Solved

Azure AD Windows Profile is Bypassing MFA

We've had MFA configured for a couple of years now, and are just starting to configure devices so they log into an Azure AD profile on a device with Intune. With this configuration more or less o...
  • ChrisWebbTech
    Oct 11, 2018

    It's not bypassing MFA. When you join the machine to Azure AD, it requires MFA to join the machine, which can use Windows Hello to use the TPM chip, turning your device into something you have and your password / PIN (Hello) as part of the MFA, so you no longer have to do MFA to access your office resources from the device itself. The idea is that anyone accessing your O365 account on anything other than that device, or another joined device you set up, will still need to do MFA to access your resources. If your machine gets stolen or lost, they must crack the password, but the machine can be disabled, which will force MFA again.
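
One way to check the behaviour described in the reply above, as an added example that is not part of the original thread: classify exported Azure AD sign-in records by whether MFA was prompted, satisfied by a claim already in the token from a joined device, or not required at all. The records are constructed; field names follow the Microsoft Graph signIn resource, and the result-detail wording and trust-type strings are assumptions to confirm against your own export.

```python
from collections import Counter

# Constructed sample records; field names follow the Microsoft Graph signIn
# resource. Detail and trustType strings are assumptions, check your export.
SIGNINS = [
    {"userPrincipalName": "alice@example.com",
     "authenticationRequirement": "multiFactorAuthentication",
     "deviceDetail": {"deviceId": "dev-0001", "trustType": "Azure AD joined"},
     "authenticationDetails": [{"succeeded": True, "authenticationStepResultDetail":
         "MFA requirement satisfied by claim in the token"}]},
    {"userPrincipalName": "alice@example.com",
     "authenticationRequirement": "multiFactorAuthentication",
     "deviceDetail": {"deviceId": "", "trustType": ""},
     "authenticationDetails": [{"succeeded": True, "authenticationStepResultDetail":
         "MFA successfully completed"}]},
    {"userPrincipalName": "bob@example.com",
     "authenticationRequirement": "singleFactorAuthentication",
     "deviceDetail": {"deviceId": "", "trustType": ""},
     "authenticationDetails": [{"succeeded": True, "authenticationStepResultDetail": ""}]},
    {"userPrincipalName": "bob@example.com",
     "authenticationRequirement": "multiFactorAuthentication",
     "deviceDetail": {"deviceId": "", "trustType": ""},
     "authenticationDetails": [{"succeeded": True, "authenticationStepResultDetail":
         "MFA requirement satisfied by claim in the token"}]},
]
JOINED = {"azureadjoined", "hybridazureadjoined"}

def classify(rec):
    """Return how the MFA requirement was met for one sign-in record."""
    if rec.get("authenticationRequirement") != "multiFactorAuthentication":
        return "mfa-not-required"      # the case to investigate in policy
    device = rec.get("deviceDetail") or {}
    trust = (device.get("trustType") or "").replace(" ", "").lower()
    joined = bool(device.get("deviceId")) and trust in JOINED
    details = [(d.get("authenticationStepResultDetail") or "").lower()
               for d in rec.get("authenticationDetails") or [] if d.get("succeeded")]
    if any("claim in the token" in d for d in details):
        # No prompt shown: an earlier strong authentication was reused.
        return "claim-joined-device" if joined else "claim-other-session"
    return "mfa-prompted"

def summarize(records):
    """Count sign-ins per (user, classification)."""
    return Counter((r.get("userPrincipalName"), classify(r)) for r in records)

if __name__ == "__main__":
    for (user, kind), n in sorted(summarize(SIGNINS).items()):
        print(f"{user:20} {kind:22} {n}")
```

Sign-ins that land in `mfa-not-required` are the ones where no second factor was demanded; `claim-joined-device` is the no-prompt case the reply describes.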
