Is it possible to implement session unlocking with the Authenticator application?

Yannick MANNE 0 Reputation points
2023-03-30T08:26:39.7033333+00:00

Hello,

I would like to set up session unlocking on the computers via the Microsoft Authenticator application. Is it possible?

And if yes, is it possible on local sessions, AzureAD session or local Active Directory sessions?

For unlocking, I assume that users have Office 365 accounts.

Thank you and have a nice day.


1 answer

  1. Ayomide Oluwaga 946 Reputation points
    2023-03-31T00:12:27.5+00:00

    Hello @Yannick MANNE

    Welcome to the Q&A, and yes, it is possible to set up session unlocking on computers using the Microsoft Authenticator app. However, the ability to do so may depend on the specific scenario and configuration in your organization.

    For local sessions, you can enable Windows Hello for Business, which allows users to authenticate using biometric data or a PIN, and set up the Microsoft Authenticator app as a second factor. This can be configured through the Windows 10 Settings app.

    For Azure AD sessions, you can enable Azure AD conditional access policies that require multi-factor authentication (MFA), which can include the Microsoft Authenticator app as a second factor. This can be configured through the Azure portal.

    For local Active Directory sessions, you can use the Microsoft Authenticator app with Azure AD Connect to enable hybrid Azure AD join, which allows users to sign in with their on-premises credentials and use the Microsoft Authenticator app as a second factor for MFA. This can be configured through the Azure AD Connect wizard.

    Please note that to use the Microsoft Authenticator app for session unlocking, users must have an Office 365 account that is enrolled in Azure AD, and the devices must be registered with Azure AD or joined to Azure AD or hybrid Azure AD joined.

    This will help and assist you with the process:

    https://support.microsoft.com/en-us/account-billing/set-up-the-microsoft-authenticator-app-as-your-verification-method-33452159-6af9-438f-8f82-63ce94cf3d29

    https://support.microsoft.com/en-us/account-billing/change-your-two-step-verification-method-and-settings-c801d5ad-e0fc-4711-94d5-33ad5d4630f7

    Let me know if this was helpful.
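
The answer above lists device state as a prerequisite (registered with Azure AD, Azure AD joined, or hybrid Azure AD joined). As an added example, not part of the original answer, this PowerShell function reads the output of the built-in `dsregcmd /status` command and reports which state a machine is in and whether a Windows Hello for Business credential is provisioned for the current user (`NgcSet`). The function name, output property names and sample text are constructed for illustration.

```powershell
# Added example (not from the original thread): classify the device join state
# from `dsregcmd /status` output.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; by default, run it on this machine.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect every "Name : Value" line into a lookup table.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $fields['AzureAdJoined']   -eq 'YES'   # joined to the cloud directory
    $dom = $fields['DomainJoined']    -eq 'YES'   # joined to on-premises AD
    $reg = $fields['WorkplaceJoined'] -eq 'YES'   # registered (work account added)

    if ($aad -and $dom) {
        $state = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $state = 'Azure AD joined'
    } elseif ($reg) {
        $state = 'Azure AD registered'
    } elseif ($dom) {
        $state = 'On-premises domain joined only'
    } else {
        $state = 'Not joined or registered'
    }

    [pscustomobject]@{
        JoinState               = $state
        MeetsDevicePrerequisite = ($aad -or $reg)
        WindowsHelloProvisioned = ($fields['NgcSet'] -eq 'YES')
    }
}

# Constructed sample: a hybrid-joined device whose user has no Hello credential yet.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
           WorkplaceJoined : NO
                    NgcSet : NO
'@ -split '\r?\n'

Get-JoinState -StatusText $sample
```

Calling `Get-JoinState` with no arguments on a Windows 10 machine evaluates the live device instead of the sample.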