Specify Active Directory users that require multi-factor authentication on Windows login (when the agent is not joined to a zone)
Use this policy to specify the Active Directory users that are required to use multi-factor authentication to log on to Windows computers. If you enable this policy, you can specify users by name in the following formats:
sAMAccountName
sAMAccountName@domain
userPrincipalName@domain
- An asterisk (
*
), which includes all Active Directory users
Use quotes for names containing spaces, for example, “Krusty T. Clown”.
By default, no users are required to authenticate using multi-factor authentication.