Policy
Only allow device authentication for the Microsoft Account Sign-In Assistant
This setting determines whether only enterprise device authentication is allowed for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and both user and device authentication are allowed. When the value is set to 1, only device authentication is allowed and user authentication is blocked.
Pack Microsoft Windows
Category Windows Components / Microsoft account
Policy ID ae614b6fe8da
Internal name MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnly
Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnterpriseDeviceAuthOnly (disabled) = 0
Policy notes
This setting determines whether only enterprise device authentication is allowed for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and both user and device authentication are allowed. When the value is set to 1, only device authentication is allowed and user authentication is blocked.