NewB Question: Azure AD and Logging In

Kevin Moore 1 Reputation point
2020-06-15T15:23:32.35+00:00

Hi,

We are evaluating Azure AD to determine if it can help us secure our local PCs and I have a few questions. We have created a new Domain in Azure AD and have created a few test users to access that Domain.

I have been able to join our Windows 10 PCs to our new Azure AD Domain. When I log into the Windows 10 PC with my Azure AD account, I have to login a second time to access the myapps.microsoft.com web page. I am hoping to configure it when a user logs into their local Windows 10 PC, they don't have to re-authenticate themselves into the Azure AD again. Is that correct?

I have MFA set up on my Azure AD account but when I log into Windows 10 with that account, it doesn't require me to use my MFA?

I'm sure I'll have more questions as we move this along.

Thanks,
Kevin

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,557 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee
    2020-06-16T00:11:00.34+00:00

    If your device is hybrid Azure AD joined then you can SSO to both on-premises and cloud resources as described here: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid

    If you don't want to re-authenticate with new sessions you can configure sign-in frequency using policies. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

    It is not available to do "Azure MFA" at the time of login. But the "Windows Hello for Business" is considered strong auth. If you want to do MFA at the time of login, Windows Hello for Business (bio metric/PIN etc) is the answer. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock

    0 comments No comments