Intune - MFA not popping for Connected to windows account

Rohanathan S 21 Reputation points
2022-02-15T05:23:21.693+00:00

Hi Team,

I have configured a conditional access in Endpoint portal.


It is working as expected. However, when I pick an account showing "Connected to Windows", I am able to sign in directly without authentication.

Is there a way to disable it? Kindly suggest if there are any additional configurations.


2 answers

  1. Marilee Turscak-MSFT 37,141 Reputation points Microsoft Employee
    2022-02-16T23:26:43.623+00:00

    Hi @Rohanathan S ,

    I understand that you are trying to enforce MFA using conditional access, but are not receiving the MFA prompt when you pick an account showing "Connected to Windows" to authenticate.

    If you received the "Stay signed in?" prompt and chose "Yes", the web browser will remember your information for 90 days. Could you try signing in with a different account and selecting "No" to see if the problem persists?


    If this is the first time authenticating and you have already enabled MFA, one thing you can try is disabling and then re-enabling the MFA.

    Other possibilities:

    The account could be saved in "Work or school" and you may need to sign out under Windows > Settings > Accounts.

    If the browser is saving the account information, you can try clearing the information on that browser or signing in with a different one.

    If you do not want the option for users to stay signed in, you can set "Show option to remain signed in" to "No." https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/keep-me-signed-in

    If none of these scenarios apply to your situation, could you please share some screenshots so that I could better assist?


    If this answer was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.


  2. Daniel Vicari 96 Reputation points
    2024-01-22T21:22:49.5533333+00:00

    This question is obviously a bit old at this point, but for anyone else trying to track this issue down I'll try to give some context. MFA and sign-ins are, under most circumstances, linked in a Windows environment. That means if you sign in, you'll have to do MFA; if you don't have to sign in, you won't do MFA. If a user is connecting through a 'connected to Windows' account they essentially have already signed in. As such, the user is not signing in and they will not be prompted to perform MFA. I am not sure how you might go about disabling or disallowing this functionality, but that is why you would see this behavior.

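A diagnostic sketch for the situation discussed in both answers, added here as an example and not written by either poster: it parses the output of the built-in `dsregcmd /status` command to show whether the device is joined, whether a "Work or school" account is registered, and whether Windows already holds a single sign-on token for the user. It assumes the "Connected to Windows" entry is backed by the state that `dsregcmd` reports; the sample output, the `-Live` switch and the function name are constructed for illustration.

```powershell
# Added example: summarize the Windows account state behind a silent sign-in.
# By default it parses a constructed sample; run with -Live on a real device.
param([switch]$Live)

# Constructed sample in the layout printed by `dsregcmd /status`.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2022-02-15 05:01:12.000 UTC
'@

function ConvertFrom-DsregStatus {
    # Hypothetical helper: turns "Key : Value" lines into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Banner lines start with '+' or '|' and do not match this pattern.
        if ($line -match '^\s*(\w+)\s+:\s+(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

$raw = if ($Live) { dsregcmd /status } else { $sample -split '\r?\n' }
$s   = ConvertFrom-DsregStatus -Lines $raw

[pscustomobject]@{
    DeviceJoined          = $s['AzureAdJoined'] -eq 'YES'    # device joined to the tenant
    WorkAccountRegistered = $s['WorkplaceJoined'] -eq 'YES'  # "Work or school" account added
    HasSsoToken           = $s['AzureAdPrt'] -eq 'YES'       # Primary Refresh Token present
    SsoTokenUpdated       = $s['AzureAdPrtUpdateTime']
    WindowsHelloKeySet    = $s['NgcSet'] -eq 'YES'
}
```

When `HasSsoToken` is true, the user has already authenticated to Windows with that account, which matches the behavior described in the second answer.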
