This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign-on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.
If you enable or don't configure this policy setting, users can authenticate to Windows Hello using a companion device.
If you disable this policy, users can't use a companion device to authenticate with Windows Hello.
Specifies a list of domains that are allowed to access the webcam in Web Sign-in based authentication scenarios.
Note
Web sign-in is only supported on Microsoft Entra joined PCs.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: ;) |
Example:
Your organization federates to "Contoso IDP" and your web sign-in portal at signinportal.contoso.com requires webcam access. Then the value for this policy should be:
contoso.com
ConfigureWebSignInAllowedUrls
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 with KB5001339 [10.0.17134.2145] and later |
Specifies a list of URLs that are navigable in Web Sign-in based authentication scenarios.
This policy specifies the list of domains that users can access in certain authentication scenarios. For example:
Microsoft Entra ID PIN reset
Web sign-in Windows device scenarios where authentication is handled by Active Directory Federation Services (AD FS) or a third-party federated identity provider
Note
This policy is required in federated environments as a mitigation to the vulnerability described in CVE-2021-27092.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: ;) |
Example:
Your organization's PIN reset or web sign-in authentication flow is expected to navigate to the following two domains: accounts.contoso.com and signin.contoso.com. Then the value for this policy should be:
accounts.contoso.com;signin.contoso.com
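As an added example (not part of the original documentation), the following Python script lints a ConfigureWebSignInAllowedUrls value before deployment and compares it with the hosts the sign-in flow is expected to visit. It assumes entries are bare host names that are compared exactly, as in the example above; the function names and the sample URLs are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: entries are bare DNS host names, as in the page's examples
# (no scheme, path, port or wildcard).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_policy_value(value):
    """Split a ';'-delimited policy value into (valid_hosts, problems)."""
    hosts, problems = [], []
    for raw in value.split(";"):
        entry = raw.strip().lower()
        if not entry:
            problems.append("empty entry (stray ';')")
        elif not HOST_RE.match(entry):
            problems.append(f"not a bare host name: {raw.strip()!r}")
        elif entry in hosts:
            problems.append(f"duplicate entry: {entry}")
        else:
            hosts.append(entry)
    return hosts, problems


def audit(value, flow_urls):
    """Compare the policy value with the hosts the flow is expected to visit."""
    hosts, problems = parse_policy_value(value)
    expected = {urlsplit(u).hostname for u in flow_urls}
    return {
        "problems": problems,
        "missing": sorted(expected - set(hosts)),  # expected host not listed
        "unused": sorted(set(hosts) - expected),   # listed but not expected
    }


def build_policy_value(flow_urls):
    """Build a value that lists exactly the expected hosts."""
    return ";".join(sorted({urlsplit(u).hostname for u in flow_urls}))


# Constructed sample flow, using the two domains from the example above.
FLOW = [
    "https://accounts.contoso.com/oauth2/authorize",
    "https://signin.contoso.com/adfs/ls/",
]

if __name__ == "__main__":
    print(build_policy_value(FLOW))
    print(audit("accounts.contoso.com;https://signin.contoso.com/;;cdn.example.net", FLOW))
```

Entries reported as unused are candidates for removal, since the allow-list exists as a mitigation and should stay as narrow as the flow permits.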
EnableFastFirstSignIn
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | |
Specifies whether new non-admin Microsoft Entra accounts should auto-connect to pre-created candidate local accounts.
This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Microsoft Entra accounts to the pre-configured candidate local accounts.
Important
Pre-configured candidate local accounts are any local accounts that are pre-configured or added on the device.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | The feature defaults to the existing SKU and device capabilities. |
| 1 | Enabled. Auto-connect new non-admin Microsoft Entra accounts to pre-configured candidate local accounts. |
| 2 | Disabled. Don't auto-connect new non-admin Microsoft Entra accounts to pre-configured local accounts. |
EnablePasswordlessExperience
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 with KB5031455 [10.0.22631.2506] and later |
Specifies whether web-based sign-in is allowed for signing in to Windows.
Web sign-in is a credential provider that enables a web-based sign-in experience on Windows devices. Initially introduced in Windows 10 with support for Temporary Access Pass (TAP) only, Web sign-in expanded its capabilities starting in Windows 11, version 22H2 with KB5030310. For more information, see Web sign-in for Windows.
Note
Web sign-in is only supported on Microsoft Entra joined PCs.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | The feature defaults to the existing SKU and device capabilities. |
| 1 | Enabled. Web Sign-in will be enabled for signing in to Windows. |
| 2 | Disabled. Web Sign-in won't be enabled for signing in to Windows. |
PreferredAadTenantDomainName
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | |