Multi factor authentication to Windows login via Conditional access/Intune

Porat Arzouan 21 Reputation points
2021-03-07T09:29:58.633+00:00

Hey,
One of my customers had a few questions, so I wanted to consult with more experienced guys than me.

  1. Via Intune\Azure AD Premium Plan 1/2, can I achieve MFA with Microsoft Authenticator or SMS from Microsoft at Windows login (each time the user logs in, not only on enrollment)?

I introduced my client to Windows Hello and he said it's not sufficient for him;
he wants multi-factor through another device, as Microsoft Authenticator does.

He also wants the MFA to work only when they are outside the organization's IP pool. Is it possible? (I know it's possible through Conditional Access, but I didn't find Windows login there, only Intune enrollment.)

  2. Through the Intune product, can I see who tried to log in to my Office 365 users and from which IP? (If not, do you know which tool does it, such as Office 365 Defender ATP?)
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

5 answers

  1. Thilo Langbein 16 Reputation points
    2022-09-05T09:47:27.41+00:00

    Is there any news about MS built-in MFA for Windows 10/11 AAD computer sign-in?


  2. Frosticles 21 Reputation points
    2022-11-30T03:53:44.733+00:00

    Come on Microsoft -- get your act together -- this really should be an option built in to the O/S -- should not require third-party tools.


  3. VipulSparsh-MSFT 15,956 Reputation points
    2021-03-08T07:13:07.67+00:00

    @Porat Arzouan Currently this is not possible. You cannot have multifactor via the Authenticator app during Windows login. Microsoft does not provide any options like this. There are a few third parties which allow doing this using some custom tool. You can read more on this thread where I answered a similar scenario.

    All MFA is targeted at applications/resources, and none of it targets Windows login via Conditional Access.

    Windows Hello for Business with biometric capability can be used in its place and aligns with Microsoft's suggestion, provided your hardware supports this.



  4. Pa_D 1,046 Reputation points
    2021-03-08T21:26:17.647+00:00

    One of my clients does this with a 3rd party tool called "Manage Central".


  5. Leon LIU 1 Reputation point
    2021-11-08T02:33:25.29+00:00

    I have the same issue in my org. It seems that Microsoft only provides Windows web sign-in for Azure AD joined devices, but we are in hybrid.
