Hi Admins,
How do you deal with the following situation?
Infrastructure Situation:
- Azure AD Joined Notebooks
- Set up with WHfB, PIN set
- Fully Intune-managed W11 notebooks
- Conditional Access Rules in Place
- Azure AD Joined Device with PIN Login
= Trusted Device Login, no additional MFA required
- Named Location with Trusted Office IP
= Trusted Location Login, no additional MFA required
We have a client that asks for the following options:
- Q1) Customer asked for MFA every 7 days, enforced at system login
- Q2) Customer asked to have MFA enforced for EVERY login because PIN is unsafe
My statement:
- PIN is more secure than a password because it's related to a managed end device
- There's no additional MFA required
- MS Best Practice setup (still looking for best practice manual/info)
What are your thoughts regarding these questions/requirements?
Any way to enforce MFA every 7 days or at notebook login?
Thanks