Allowing Authenticator App as part of Hello for Business

DaveK 1,851 Reputation points

As part of our attempts to limit access from unmanaged devices we have a rule in place in Conditional Access which blocks unmanaged Android and iOS devices, along with other rules to allow Intune managed devices things have been working well but we've run into issues with Hello for Business. I'm more towards Mobile management for phones so I've been asked if we can do anything to allow the authenticator app in Conditional Access however it doesn't seem to be available as an option to create a rule against.

Another member of staff is working on setting up Hello for Business but the Authenticator app keeps getting blocked and we don't see an obvious way around it. We would like to roll Hello out to all users so they can use PIN for sign-in and have the number pop up on Authenticator for MFA.

Any suggestions on how we might get around it?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,488 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2022-11-16T21:49:15.987+00:00

    Hello @DaveK and thanks for reaching out. Microsoft Authenticator App does not work directly with Windows Hello for Business. It does indirectly as an Azure AD MFA authentication method.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    0 comments No comments