For Entra ID joined PCs, you can use Entra ID to authenticate users with MFA. Below is the architecture and data flow of this setup:
To use Microsoft Entra ID MFA to authenticate users on Entra ID joined PCs, you must complete the following steps:
- Set up an enterprise application in Entra ID for Computer Logon MA
- Configure Computer Logon Modern Authentication
- Deploy Computer Logon Modern Authentication
Important
In this setup, tokens cannot be automatically downloaded for offline MFA, as Entra ID does not support this function. There are 2 alternative options: