Policy

Only allow device authentication for the Microsoft Account Sign-In Assistant

This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.

Policy
PackMicrosoft Windows
CategoryWindows Components / Microsoft account
Policy IDae614b6fe8da
Internal nameMicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnly

Registry

Copy registry mappings

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (disabled) = 0

Policy notes

This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.

Related policies