Allowing Authenticator App as part of Hello for Business

DaveK 1,836 Reputation points
2022-11-14T13:47:57.803+00:00

As part of our attempts to limit access from unmanaged devices we have a rule in place in Conditional Access which blocks unmanaged Android and iOS devices, along with other rules to allow Intune managed devices things have been working well but we've run into issues with Hello for Business. I'm more towards Mobile management for phones so I've been asked if we can do anything to allow the authenticator app in Conditional Access however it doesn't seem to be available as an option to create a rule against.

Another member of staff is working on setting up Hello for Business but the Authenticator app keeps getting blocked and we don't see an obvious way around it. We would like to roll Hello out to all users so they can use PIN for sign-in and have the number pop up on Authenticator for MFA.

Any suggestions on how we might get around it?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,767 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla (MSFT) 18,676 Reputation points Microsoft Employee
    2022-11-16T21:49:15.987+00:00

    Hello @DaveK and thanks for reaching out. Microsoft Authenticator App does not work directly with Windows Hello for Business. It does indirectly as an Azure AD MFA authentication method.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    0 comments No comments