How can I disable MFA on initial logins for our Windows provisioned devices?

Anonymous
2023-01-16T12:31:29.7666667+00:00

Hi I wandering if you can assist. My company currently uses Intune for our Windows devices and our current process is set that on enrollment when a user tries to log in they will need to use MFA. My question is I would like to bypass this for the initial log in. I don't want it fully disabled just on initial log in. We would like it so the end user does not need a second device when signing in for the first time. However we do want them at a later date to use MFA for obvious security reasons. Do you know if this is possible please and how?

Microsoft Security | Intune | Enrollment
{count} votes

3 answers

Sort by: Most helpful
  1. フマガイン サンジープ 10 Reputation points
    2023-05-24T09:34:53.0266667+00:00

    The settin is off, still getting prompt of MFA authentication

    2 people found this answer helpful.
    0 comments No comments

  2. Saumil Joshi 1 Reputation point
    2023-01-16T19:32:13.0633333+00:00

    Hi

    Disabling MFA is not recommended by MS, try to enroll phone first with Authenticator app so when user try to get authenticated its allow them to enroll device.

    0 comments No comments

  3. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2023-01-16T22:40:53.7733333+00:00

    You can consider using TAP to allow passwordless enrollment during Autopilot provisioning. Once done, users can authenticate normally using whatever MFA method you have configured in the tenant.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.