This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 10%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
Hey,
One of my customers had few questions so I wanted to consult with more experienced guys than me.
I introduced my client the Windows hello and he said its not sufficient enough for him,
he wants multi factor through other device as Microsoft authenticator knows.
He also want the MFA to work only when they are outside the organizations ip pool is it possible? (i know its possible through conditonal access but i didnt find windows login there, only intune enrolment).
@Porat Arzouan Thanks for posting in our Q&A.
For seeing who tried to login to my office 365 users, we can check sign-in logs in Azure AD. For this case, it is more related to Azure AD, so I will remove the intune-device-configurations tag and add the Azure AD tag. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Porat Arzouan
I wanted to follow up and know if the below responses helped in answering your query. If it did, please do not forget to accept the appropriate response as Answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 7.000000000000001%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
Is there other portal that give more analytics and more info about the current logged sign ins and give me the ability to force log off the users? such as the casb of microsoft?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 28.999999999999996%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
Are there any news around MS built-in MFA for windows 10/11 aad computer sign in?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 92%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Come on Microsoft -- get your act together -- this really should be an option built in to the O/S -- should not require third-party tools.
@Porat Arzouan Currently this is not possible. You cannot have multifactor via Authenticator app while Windows login. Microsoft does not provide any options like this. There are few third parties which allow doing this using some custom tool. You can read more on this thread where I answered a similar scenario.
All MFA are targeted to Applications/resources and none of them target at Windows login via conditional access.
Windows Hello for business with Biometric capability can be used in this place and aligns with Microsoft suggestion provided your hardware supports this.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
What would you suggest to the customer that want this feature (of course in the capabilities of Intune/AzureAD)
About the other question with seeing analytics of users sign ins to office365,
Is there other portal that give more analytics and more info about the current logged sign ins and give me the ability to force log off the users? such as the casb of microsoft?
@Porat Arzouan You can try something as Multi-Factor Unlock with Windows hello for business which works with trusted signals. This will help if you have following concerns :
1)Have expressed that PINs alone do not meet their security needs.
2)Want to prevent Information Workers from sharing credentials.
3)Want their organizations to comply with regulatory two-factor authentication policy.
4)Want to retain the familiar Windows sign-in user experience and not settle for a custom solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 50%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
One of my client does this with a 3rd party tool called "Manage Central".
Thank you very much,
But I want the customer to work with Microsoft solutions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 39%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
I have the same issue in my org, it seems that Microsoft only provide Windows web sign in for Azure AD joined devices, but we are in the hybird.