I've been given the responsibility to secure Windows Hello for Business (WHfB) to meet AAL2 standards. However, I'm struggling to find clear documentation on how to implement this. According to what I've read, WHfB should be secured with an additional layer of authentication, either through SMS (which I consider unreliable) or through the Microsoft Authenticator app. I need it to work in such a way that after entering the PIN, it will trigger a push notification from the Authenticator app for further verification. Can anyone guide me on how to set this up using Conditional Access policies?
2 Answers
I tried the multi-factor unlock approach as well, but it seems like you can't set the Authenticator app as the trusted signal according to the Microsoft documentation. If there's some way to include the Authenticator as a second factor, I'd love to hear about it!
Hey! It sounds like you're looking for the Multi-factor unlock feature for Windows Hello. You can find detailed info about it here: [Multi-factor unlock](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/multifactor-unlock). This should help you get started on implementing that additional layer of authentication you need.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures