6.0 KiB
title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
| title | description | ms.author | ms.topic | ms.prod | ms.technology | author | ms.date |
|---|---|---|---|---|---|---|---|
| Policy CSP - Authentication | Policy CSP - Authentication | maricia | article | w10 | windows | nickbrower | 09/06/2017 |
Policy CSP - Authentication
Warning
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Authentication policies
Authentication/AllowAadPasswordReset
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
 |
 3 |
3 |
3 |
3 |
|
|
Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.
The following list shows the supported values:
- 0 (default) – Not allowed.
- 1 – Allowed.
Authentication/AllowEAPCertSSO
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
Important
This node must be accessed using the following paths:
- ./User/Vendor/MSFT/Policy/Config/Authentication/AllowEAPCertSSO to set the policy.
- ./User/Vendor/MSFT/Policy/Result/Authentication/AllowEAPCertSSO to get the result.
The following list shows the supported values:
- 0 – Not allowed.
- 1 (default) – Allowed.
Authentication/AllowFastReconnect
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
Allows EAP Fast Reconnect from being attempted for EAP Method TLS.
The following list shows the supported values:
- 0 – Not allowed.
- 1 (default) – Allowed.
Most restricted value is 0.
Authentication/AllowSecondaryAuthenticationDevice
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
| 1 |
1 |
1 |
1 |
1 |
1 |
Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
The following list shows the supported values:
- 0 – Not allowed.
- 1 – Allowed.
The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.