[Intune] Disable MFA for specific devices for enrollment

Chned 46 Reputation points
2021-06-16T13:19:24.57+00:00

So we wanted to hand out a few hundred notebooks in our organization which are intended for shared use next week. These notebooks aren't enrolled yet; we wanted to let our users enroll them in Intune. So the first user who will use the laptop needs to follow our manual to do so.

Only problem is that our organization is enforcing MFA; biggest problem is that most of these specific users don't have a cellphone or smartphone from our organization. Is there a way to exclude only these shared devices from having to use MFA when enrolling? Or does anyone have another, better solution for this last-minute issue?

Thanks in advance!

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,882 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,341 Reputation points
    2021-06-17T04:21:12.207+00:00

    @Chned Thanks for posting in our Q&A.

    To clarify this issue, we appreciate your help to check where did you enforce the MFA. Did you enable the MFA in users in Azure AD portal or enable the MFA in the conditional access?

    If you enable the MFA in users in Azure AD portal, it is suggested to try to disable it temporarily.

    And if you enable the MFA in the conditional access, it is recommended to try to exclude the Microsoft Intune Enrollment and Microsoft Intune cloud apps from the MFA conditional access policy. Also, it is needed to set "Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication" to "No" in Azure AD portal. These settings will bypass the MFA.
    106432-image.png

    106340-image.png

    Hope the above information will help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Chned 46 Reputation points
    2021-06-17T05:55:35.433+00:00

    Thanks for your information. The only problem is that only this specific batch of notebooks needs to be excluded from the need of MFA at enrollment....
    Is that also possible?

  3. Azure Apprentice 191 Reputation points
    2021-06-22T15:23:33.483+00:00

    @Chned You can create a group where all of the included members are excluded from MFA. After they enroll you can exclude them. That's how we do it at our organization.

  4. Gary Reardon 0 Reputation points
    2023-11-13T18:42:45.4733333+00:00

    This no longer works, any addition insight?

    0 comments