For Entra ID joined PCs, you can use Entra ID to authenticate users with MFA. Below is the architecture and data flow of this setup:
In this setup, tokens cannot be automatically downloaded for offline MFA. Users will have to manually set up offline tokens.
To use Microsoft Entra ID MFA to authenticate users on Entra ID joined PCs, follow the steps below:
- Set up an enterprise application in Entra ID for Computer Logon MA
- Configure Computer Logon Modern Authentication