Policy
Only allow device authentication for the Microsoft Account Sign-In Assistant
This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.
PackMicrosoft Windows
CategoryWindows Components / Microsoft account
Policy ID
ae614b6fe8daInternal name
MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnlyRegistry
Copy registry mappings
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (disabled) = 0Policy notes
This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.