Allowing Authenticator App as part of Hello for Business

DaveK 1,871 Reputation points
2022-11-14T13:47:57.803+00:00

As part of our attempts to limit access from unmanaged devices we have a rule in place in Conditional Access which blocks unmanaged Android and iOS devices, along with other rules to allow Intune managed devices things have been working well but we've run into issues with Hello for Business. I'm more towards Mobile management for phones so I've been asked if we can do anything to allow the authenticator app in Conditional Access however it doesn't seem to be available as an option to create a rule against.

Another member of staff is working on setting up Hello for Business but the Authenticator app keeps getting blocked and we don't see an obvious way around it. We would like to roll Hello out to all users so they can use PIN for sign-in and have the number pop up on Authenticator for MFA.

Any suggestions on how we might get around it?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2022-11-16T21:49:15.987+00:00

    Hello @DaveK and thanks for reaching out. Microsoft Authenticator App does not work directly with Windows Hello for Business. It does indirectly as an Azure AD MFA authentication method.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.