![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 89%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
25,150 questions
HAADJ windows login methods are Password, PIN, BIO, FIDO2 at lock screen. Web sign-in only supported in AADJ. Hence when you don't have any other credentials. you are left with password login on windows HAADJ machine. Once you login during provisioning TAP can be used as MFA (second factor). No problem using TAP. It just that it can't be alone used as boot strap credentials you do on AADJ with Web sign-in.
Hope this helps. Feel free to post if you have any other questions.
Regards
Nagappan V