I wanted to write a quick follow up to my the Configure Windows 10 Web sign in article. Since then Microsoft has made the configuration of the Web Sign in functionality a lot easier. Further more this feature can now also to used in combination with Temporary Access Passes, a new functionality in Azure AD.
In stead of using custom OMA-URI policies you can now use the Session Catalog to configure web sign in. To use the Session Catalog create a new Device Configuration Profile targeted to Windows 10 and for profile type you select Settings Catalog
Give your Profile a name and a clear description, and select Next
In the Configuration Settings tab, select Add Settings. Here you select Authentication, and select Enable Web Sign in and you can optionally select Preferred Aad Tenant Domain Name.
Close the Settings picker and you now have two options you can configure. For the Enable Web Sign In select Enabled. Web Sign-in will be enabled for signing in to Windows. For Preferred Aad Tenant Domain Name you can enter the domain name of your tenant. This will ensure the user will get a themed version of the sign in window (if you have any customizations).
Choose next and assign the policy to an group that contains computer objects.
Hope this quick follow up helps you with configuring Windows Web Sign in.
Hello I tried to do this administration. Is it possible to log in with the password and not with the access pass?
Hi,
The web sign in functionality is designed to be used for functionalities like Temporary Access Pass.
“Web Sign-in” is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass. link
I believe it will work for signing in the device, but its not a supported functionality
As far as I understood from Microsoft you will also get the weblogin screen when adding a new device to Azure AD.
Too bad there is no such thing as ‘weblogon’ with 2fa/mfa for Windows Login without using a third party tool. I understand Microsoft received a lot of request to do this (back in 2020 allready) but I cannot find where you can vote for this.
Hopefully soon.
Thanks for your blogposts btw!