question

DeniGaro-2275 avatar image
0 Votes"
DeniGaro-2275 asked RunyonKen-8777 commented

Azure MFA on local logins and computers

Hi all,

Is it possible to use azure mfa on local computer logins, I mean when user starts the computer in the morning and tries to login to get redirected to use MFA signin (through authenticator). If he or she tries to use the computer that is not accepted by the company user will get access denied?

Is this possible with azure MFA (Something like DUO for computers)

azure-ad-multi-factor-authenticationazure-ad-domain-services
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This is a regular and recurring question. In my State we will soon be required to implement MFA for local access. The MS MFA answer in this regard is driving organizations to other, more costly, solutions. Without an easy to implement MFA option for local window's login, MS is positioning itself poorly. I love the way the Azure conditional access works but there are decisions that just make no sense. Such as why the lack of a local login MFA option.

0 Votes 0 ·

1 Answer

JamesHamil-MSFT avatar image
0 Votes"
JamesHamil-MSFT answered

Hi @DeniGaro-2275 , unfortunately Azure MFA does not have a good solution for this. My colleague goes into detail here about this. Please let me know if you have any questions.

Best,
James


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi James,

Is there anything we can do with conditional access polices and azure mfa to combine these 2 to get protection on local logons? If we join computers to azure ad and configure conditional access, will mfa protect local logons or there is no option for this?

0 Votes 0 ·

Hi @DeniGaro-2275 , Windows Hello for business is good for this. It's not Azure MFA but it's good authentication. Please let me know what you think, and I can answer any questions you have about it!

Best,
James


1 Vote 1 ·

Hi James,

Thank you for the answer. Problem with windows hello is that we can fallback to pass login. What would you recommend when it comes to protecting internal resources. Shall we configure conditional access or is there something else to implement to get higher security?

Many thanks for your help James

0 Votes 0 ·