Conditional Access Gap Analyzer workbook in AAD

AdamBudzinskiAZA-0329 96 Reputation points
2022-10-07T09:27:58.013+00:00

Hi,

I’m looking at the Conditional Access Gap Analyzer workbook in AAD (AAD-Workbooks - Conditional Access Gap Analyzer). I don’t understand what the reasoning is behind including Windows Sign In events when the Windows sign in process does not support MFA.

Windows Sign In

There is no option to configure it as part of CAP rules, at least not natively. Or is it just to let me know, "hey, you're using single-factor authentication for Windows sign-ins", since I could configure MFA through Conditional Access rules for Windows sign-ins with 3rd-party tools such as Duo?

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Givary-MSFT 35,621 Reputation points Microsoft Employee Moderator
    2022-10-10T10:08:38.863+00:00

    @AdamBudzinskiAZA-0329 Thank you for reaching out to us. As I understand, you are looking for information on the Windows Sign In column within the Conditional Access Gap Analyzer workbook.

    As per my research, Windows Sign In in the above screenshot refers to Windows Hello for Business sign-in. It is a form of MFA, which utilizes the PRT, gets the claim, and satisfies the strong authentication, and Azure AD honors that claim.

    For reference: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/why-are-my-users-not-prompted-for-mfa-as-expected/ba-p/1449032 has more detailed information about the same.

    Let me know if you have any further questions.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
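
One way to see which authentication method sits behind the Windows Sign In events the workbook lists is to break exported sign-in records down by method. This is an added example, not part of the original thread or the workbook; the field names assume the Microsoft Graph signIn export shape, and the sample records are constructed.

```python
import json
from collections import Counter

APP = "Windows Sign In"  # app name the workbook column is built on
WHFB = "Windows Hello for Business"

# Constructed sample records (not real tenant data). Field names assume the
# Microsoft Graph signIn export shape; adjust them to match your export.
SAMPLE = json.loads("""[
  {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Windows Sign In",
   "status": {"errorCode": 0}, "authenticationRequirement": "singleFactorAuthentication",
   "authenticationDetails": [{"authenticationMethod": "Windows Hello for Business", "succeeded": true}]},
  {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Windows Sign In",
   "status": {"errorCode": 0}, "authenticationRequirement": "singleFactorAuthentication",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true}]},
  {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Windows Sign In",
   "status": {"errorCode": 50126}, "authenticationRequirement": "singleFactorAuthentication",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": false}]},
  {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Office 365 Exchange Online",
   "status": {"errorCode": 0}, "authenticationRequirement": "multiFactorAuthentication",
   "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true}]}
]""")


def successful_windows_signins(records):
    """Yield (user, requirement, methods) for each successful Windows Sign In event."""
    for r in records:
        if r.get("appDisplayName") != APP or (r.get("status") or {}).get("errorCode") != 0:
            continue  # other apps and failed sign-ins are out of scope
        methods = {d.get("authenticationMethod", "unknown")
                   for d in r.get("authenticationDetails") or [] if d.get("succeeded")}
        yield r.get("userPrincipalName"), r.get("authenticationRequirement"), sorted(methods) or ["unknown"]


def method_breakdown(records):
    """Count successful Windows Sign In events per (requirement, method) pair."""
    counts = Counter()
    for _, requirement, methods in successful_windows_signins(records):
        counts.update((requirement, m) for m in methods)
    return counts


def users_without_whfb(records):
    """Users with a successful Windows Sign In that did not use Windows Hello for Business."""
    return sorted({u for u, _, m in successful_windows_signins(records) if WHFB not in m})


if __name__ == "__main__":
    print(method_breakdown(SAMPLE), users_without_whfb(SAMPLE))
```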

