MFA Shall be required for Intune Enrollment
PreviousNoncompliant devices shall be blocked from accessing corporate resourcesNextSecurity Baselines should be configured for Windows Devices
Last updated
Last updated
You can use Intune together with Azure Active Directory (Azure AD) conditional access policies to require multifactor authentication (MFA) during device enrollment. If you require MFA, employees and students wanting to enroll devices must first authenticate with a second device and two forms of credentials. We do not want unauthorized users joining devices to our network.
• MFA Shall be required to enroll devices into Intune
This setting requires at least an Azure AD P1 license which comes standalone or as part of the following bundles:
EMS+E3/E5
Microsoft 365 Business Premium
Microsoft 365 E3
Microsoft 365 E5
Level: Medium
Tips
Users must satisfy the MFA prompt in order to be able to successfully enroll a device. For users signing in for the very first time who have not configured MFA methods, a temporary access pass can be used:
For users signing in for the very first time who have not configured MFA methods, a temporary access pass can be used: