![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 78%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELA%3C/text%3E%3C/svg%3E)
25,081 questions
Hello @Leonel Aviles , for Azure AD registered or joned devices you can enable Windows Hello for Business, a 2 factor authentication feature that meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources.
For deployment information take a look to:
- Hybrid Azure AD Joined cloud Kerberos trust Deployment
- Hybrid Azure AD Joined Key Trust Deployment
- Hybrid Azure AD Joined Certificate Trust Deployment
- Azure AD Join Single Sign-on Deployment Guides
For more information on the relationship between WHB, Azure AD devices and MFA take a look to [What is a Primary Refresh Token?](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim:~:text=A%20Primary%20Refresh%20Token%20(PRT,get%20the%20best%20SSO%20experience.) and When does a PRT get an MFA claim?
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.