Login to Windows 10/11 with Microsoft Account through MFA

Luca Chiavarini 71 Reputation points
2022-12-21T09:37:59.767+00:00

I would like to set up 2-factor authentication for Windows (10/11) login. How can I do this using the Microsoft account (registered on the device and on Azure) without using third-party software?

The other thing I would like to do is to set it up through Azure AD or Intune (since all the devices in my tenant are registered on Azure AD and Intune, and they log in to Windows with their microsoft account). How could I do it?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator
{count} votes

4 answers

Sort by: Most helpful
  1. Nagappan Veerappan 651 Reputation points Microsoft Employee
    2022-12-28T01:57:04.967+00:00

    @Luca Chiavarini - Login locally /Unlock to windows machine is "Single factor" requirement. Hence once password login they would be able to access the desktop.

    Also, its depends on what type of infra (hybrid or cloud only)

    If it's hybrid users and you want Password + MFA when RDP to the clients. there are few other routes we can take a look if that suits your need. Like NPS extension with Azure MFA. Also, RDS infra with Azure MFA.
    https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
    https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-nps-extension

    Incase, if it is cloud only setup with AADJ + Intune - Best is default WHFB login (PIN or Bio). However if you are still fond of "password" unlock. you can think of enabling "Phone sign-in". user still be able to unlock with password. But any other application access require phone sign-in from authenticator app.

    Hope this helps. Please let us know if you have any more details on your infrastructure


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  3. nettech 171 Reputation points
    2025-02-01T20:22:21.6333333+00:00

    if you have 10 or less users duo solution is free, anything over 10 you would sign up for a duo account but this solution would do exactly what the op asked for just with a 3rd party software all computers would need an rdp agent installed and one or more servers would need to have duo proxy installed

    0 comments No comments

  4. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.