Share via

Is it possible to implement session unlocking with the Authenticator application ?

Yannick MANNE 0 Reputation points
2023-03-30T08:26:39.7033333+00:00

Hello,

I would like to set up session unlocking on the computers via the Microsoft Authenticator application. Is it possible?

And if yes, is it possible on local sessions, AzureAD session or local Active Directory sessions?

For unlocking, I assume that users have Office 365 accounts

Thank you and have a nice day

Windows for business Windows Client for IT Pros Devices and deployment Configure application groups
Microsoft Security Intune Security
Microsoft Security Microsoft Entra Microsoft Entra ID
Windows for business Windows Client for IT Pros User experience Other
Microsoft Security Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ayomide Oluwaga 906 Reputation points
    2023-03-31T00:12:27.5+00:00

    Hello @Yannick MANNE

    Welcome to the Q&A and Yes, it is possible to set up session unlocking on computers using the Microsoft Authenticator app. However, the ability to do so may depend on the specific scenario and configuration in your organization.

    For local sessions, you can enable Windows Hello for Business, which allows users to authenticate using biometric data or a PIN, and set up the Microsoft Authenticator app as a second factor. This can be configured through the Windows 10 Settings app.

    For Azure AD sessions, you can enable Azure AD conditional access policies that require multi-factor authentication (MFA), which can include the Microsoft Authenticator app as a second factor. This can be configured through the Azure portal.

    For local Active Directory sessions, you can use the Microsoft Authenticator app with Azure AD Connect to enable hybrid Azure AD join, which allows users to sign in with their on-premises credentials and use the Microsoft Authenticator app as a second factor for MFA. This can be configured through the Azure AD Connect wizard.

    Please note that to use the Microsoft Authenticator app for session unlocking, users must have an Office 365 account that is enrolled in Azure AD, and the devices must be registered with Azure AD or joined to Azure AD or hybrid Azure AD joined.

    This will help and assist you with the process:

    https://support.microsoft.com/en-us/account-billing/set-up-the-microsoft-authenticator-app-as-your-verification-method-33452159-6af9-438f-8f82-63ce94cf3d29

    https://support.microsoft.com/en-us/account-billing/change-your-two-step-verification-method-and-settings-c801d5ad-e0fc-4711-94d5-33ad5d4630f7

    Let me know if this was helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.