Versions Compared

Old Version 9

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version 10

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Those options are in the "domain_policy.json" file.

Options for Local Users



onlineoffline
bootup login
local\offline\MfaPolicy\loginMfa
screen unlock
local\offline\MfaPolicy\unlockMfa
elevated access
local\offline\MfaPolicy\uacMfa


Options for Domain Users


onlineoffline
bootup loginazuread\online\MfaPolicy\loginMfaazuread\offline\MfaPolicy\loginMfa
screen unlockazuread\online\MfaPolicy\unlockMfaazuread\offline\MfaPolicy\unlockMfa
elevated accessazuread\online\MfaPolicy\uacMfaazuread\offline\MfaPolicy\uacMfa


If you wish to change customise some of those options, then you need to edit the "domain_policy.json" file in a text editor , and change the corresponding options. 

...

  • if you want to enforce MFA for Azure AD domain users when PC is online on screen unlock, then you need to set the option "azuread\online\MfaPolicy\unlockMfa" to "true"
  • if you want to enforce MFA for local users when PC is online on screen unlock, then you need to set the option "azureadlocal\online\MfaPolicy\unlockMfa" to "true"

...