deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-23 10:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-authentication.md
Maricia Alforque 9873ee5df5 Merged PR 4240: Removed the pre-release headers
2017-11-01 19:46:45 +00:00

6.6 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.author ms.topic ms.prod ms.technology author ms.date
Policy CSP - Authentication Policy CSP - Authentication maricia article w10 windows nickbrower 11/01/2017

Policy CSP - Authentication

Authentication policies

Authentication/AllowAadPasswordReset
Authentication/AllowEAPCertSSO
Authentication/AllowFastReconnect
Authentication/AllowSecondaryAuthenticationDevice
**Authentication/AllowAadPasswordReset**
Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark3 check mark3 check mark3 check mark3 cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. 

The following list shows the supported values:

  • 0 (default) Not allowed.
  • 1 Allowed.
**Authentication/AllowEAPCertSSO**
Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • User

Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.

The following list shows the supported values:

  • 0 Not allowed.
  • 1 (default) Allowed.
**Authentication/AllowFastReconnect**
Home Pro Business Enterprise Education Mobile Mobile Enterprise
check mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Allows EAP Fast Reconnect from being attempted for EAP Method TLS.

The following list shows the supported values:

  • 0 Not allowed.
  • 1 (default) Allowed.

Most restricted value is 0.

**Authentication/AllowSecondaryAuthenticationDevice**
Home Pro Business Enterprise Education Mobile Mobile Enterprise
check mark1 check mark1 check mark1 check mark1 check mark1 check mark1

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.

The following list shows the supported values:

  • 0 Not allowed.
  • 1 Allowed.

The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.

Authentication policies supported by Windows Holographic for Business

Authentication policies supported by IoT Core