From 0da0569ad6cac1af3d4c2b4866d7ce806f0c9df8 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 8 May 2023 12:32:07 -0400 Subject: [PATCH 1/2] caution text for Win11 --- .../hello-for-business/feature-multifactor-unlock.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index c4e5d43423..7947712bea 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -29,6 +29,11 @@ The policy setting has three components: ## Configure unlock factors +> [!CAUTION] +> On Windows 11, the group policy [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) or the [InteractiveLogon_DoNotDisplayLastSignedIn CSP](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin) are known to interfere with the ability to use multi-factor unlock. +> +> Disabling the group policy DontDisplayLastUserName or changing the InteractiveLogon_DoNotDisplayLastSignedIn CSP to 0 will let you use multi-factor unlock. + The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers. Supported credential providers include: @@ -40,8 +45,8 @@ Supported credential providers include: |Facial Recognition| `{8AF662BF-65A0-4D0A-A540-A338A999D36F}`| |Trusted Signal
(Phone proximity, Network location) | `{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}`| ->[!NOTE] ->Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table. +> [!NOTE] +> Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table. The default credential providers for the **First unlock factor credential provider** include: From fd80eca0a4fe4a90c0807abf24212dd5fbd355bb Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 8 May 2023 12:37:33 -0400 Subject: [PATCH 2/2] caution text for Win11 --- .../hello-for-business/feature-multifactor-unlock.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 7947712bea..cf9c8484b0 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -30,9 +30,7 @@ The policy setting has three components: ## Configure unlock factors > [!CAUTION] -> On Windows 11, the group policy [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) or the [InteractiveLogon_DoNotDisplayLastSignedIn CSP](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin) are known to interfere with the ability to use multi-factor unlock. -> -> Disabling the group policy DontDisplayLastUserName or changing the InteractiveLogon_DoNotDisplayLastSignedIn CSP to 0 will let you use multi-factor unlock. +> On Windows 11, when the [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) security policy is enabled, it is known to interfere with the ability to use multi factor unlock. The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers.