This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 30%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
As part of our attempts to limit access from unmanaged devices we have a rule in place in Conditional Access which blocks unmanaged Android and iOS devices, along with other rules to allow Intune managed devices things have been working well but we've run into issues with Hello for Business. I'm more towards Mobile management for phones so I've been asked if we can do anything to allow the authenticator app in Conditional Access however it doesn't seem to be available as an option to create a rule against.
Another member of staff is working on setting up Hello for Business but the Authenticator app keeps getting blocked and we don't see an obvious way around it. We would like to roll Hello out to all users so they can use PIN for sign-in and have the number pop up on Authenticator for MFA.
Any suggestions on how we might get around it?
Hello @DaveK and thanks for reaching out. Microsoft Authenticator App does not work directly with Windows Hello for Business. It does indirectly as an Azure AD MFA authentication method.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.