The settin is off, still getting prompt of MFA authentication
How can I disable MFA on initial logins for our Windows provisioned devices?
Hi I wandering if you can assist. My company currently uses Intune for our Windows devices and our current process is set that on enrollment when a user tries to log in they will need to use MFA. My question is I would like to bypass this for the initial log in. I don't want it fully disabled just on initial log in. We would like it so the end user does not need a second device when signing in for the first time. However we do want them at a later date to use MFA for obvious security reasons. Do you know if this is possible please and how?
Microsoft Security | Intune | Enrollment
3 answers
Sort by: Most helpful
-
-
Saumil Joshi 1 Reputation point
2023-01-16T19:32:13.0633333+00:00 Hi
Disabling MFA is not recommended by MS, try to enroll phone first with Authenticator app so when user try to get authenticated its allow them to enroll device.
-
Rahul Jindal [MVP] 10,911 Reputation points MVP
2023-01-16T22:40:53.7733333+00:00 You can consider using TAP to allow passwordless enrollment during Autopilot provisioning. Once done, users can authenticate normally using whatever MFA method you have configured in the tenant.