Multi factor authentication to Windows login via Conditonal access/intune

Porat Arzouan 21 Reputation points

One of my customers had few questions so I wanted to consult with more experienced guys than me.

  1. Via Intune\Azure AD premium plan 1/2, can I achieve MFA of Microsoft authenticator or sms from Microsoft of windows login (each time user login, not only on enrollment),

I introduced my client the Windows hello and he said its not sufficient enough for him,
he wants multi factor through other device as Microsoft authenticator knows.

He also want the MFA to work only when they are outside the organizations ip pool is it possible? (i know its possible through conditonal access but i didnt find windows login there, only intune enrolment).

  1. Through the Intune product can i see who tried to login to my office 365 users and from which ip? (if not do you know which tool do it such as office 365 defender atp).
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,549 questions
{count} votes

5 answers

Sort by: Most helpful
  1. Thilo Langbein 21 Reputation points

    Are there any news around MS built-in MFA for windows 10/11 aad computer sign in?

    4 people found this answer helpful.
    0 comments No comments

  2. Frosticles 21 Reputation points

    Come on Microsoft -- get your act together -- this really should be an option built in to the O/S -- should not require third-party tools.

    2 people found this answer helpful.
    0 comments No comments

  3. VipulSparsh-MSFT 16,176 Reputation points Microsoft Employee

    @Porat Arzouan Currently this is not possible. You cannot have multifactor via Authenticator app while Windows login. Microsoft does not provide any options like this. There are few third parties which allow doing this using some custom tool. You can read more on this thread where I answered a similar scenario.

    All MFA are targeted to Applications/resources and none of them target at Windows login via conditional access.

    Windows Hello for business with Biometric capability can be used in this place and aligns with Microsoft suggestion provided your hardware supports this.


    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

    1 person found this answer helpful.

  4. Pa_D 1,066 Reputation points

    One of my client does this with a 3rd party tool called "Manage Central".

  5. Leon LIU 1 Reputation point

    I have the same issue in my org, it seems that Microsoft only provide Windows web sign in for Azure AD joined devices, but we are in the hybird.

    0 comments No comments