Conditional Access to require MFA to log onto domain joined computer

Sergio Herrera 0 Reputation points
2024-03-19T16:49:48.5633333+00:00

Are you able to use conditional access to require MFA when logging into a domain user account on a domain joined computer?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

3 answers

  1. Andy David - MVP 141.2K Reputation points MVP
    2024-03-19T16:55:35.16+00:00

  2. Michael Morten Sonne 570 Reputation points MVP
    2024-03-19T16:58:19.5566667+00:00

    For e.g. Entra ID devices and the "Windows Sign In," I presume it's simply the user signing in on the Windows device itself, right?

    Certain applications, such as "Windows Sign In," do not have Conditional Access support. This particular application is utilized when a user logs onto an Entra ID Joined device, whether it's online or offline. Because the default Windows logon screen isn't built on a web-based user interface, conducting Conditional Access checks is not feasible.

    I think that is what you are referring to, right? :)

    Edit: Andy David - MVP's answer about ADFS is the only way as it is for now :)
    We just wrote at the same time.


  3. Sergio Herrera 0 Reputation points
    2024-03-19T17:31:45.96+00:00

    Yes, I am looking for a way to require MFA when a user signs into a Windows device. So it sounds like, to accomplish what I am looking to do, we would need to un-join the devices from the domain and then enroll them in Entra ID?

    Or can Azure AD Connect be used to accomplish what I am looking to do?
