Forum Discussion
james3149
Sep 05, 2024 (Copper Contributor)
Some users repeatedly prompted for MFA
All our devices are Intune joined. MFA turned on with a conditional access policy: Grant Access to: Require multifactor authentication; Session only configured Sign in frequency: x days. When m...
DylanInfosec
Jan 19, 2025 (Iron Contributor)
Hi james3149,
Experiencing the same thing, Hwayang?
Are the working users also using Chrome? Wondering if these users with the broken experience are the only ones using Chrome and/or aren't getting all their configs successfully.
Fairly certain the issue you're experiencing may be related to these endpoints missing the Chrome CloudAPAuthEnabled setting. This setting allows identity objects and device attestation properties to pass through Chrome to be evaluated by your CAPs.
You can read more about this setting from Google Chrome, here.
How to enable it locally, here.
Finally, push this setting down to endpoints via Intune, here.
As you can see, you have options. You can push the template and configure the setting, or you can create a Remediation script that checks and sets the RegKey in the "local" instructions. If you need the remediation + detection script, let me know; I went that route for testing and should have the scripts somewhere.
If you give it a try I'd love to know if this helps at all.
(!) Note, you have to do this for Firefox as well if you use it in your environment: In the browser and via Intune.
Best regards,
Dylan
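A sketch of the detection and remediation check described in the reply above, added here as an example; it is not the poster's script. It assumes Chrome reads machine policy from `HKLM:\SOFTWARE\Policies\Google\Chrome` and that `CloudAPAuthEnabled` is a DWORD where 1 means enabled; the `-Remediate` switch is a hypothetical convenience for keeping both halves in one file.

```powershell
# Added example, not the poster's script.
# Assumption: Chrome machine policy lives under HKLM:\SOFTWARE\Policies\Google\Chrome
# and CloudAPAuthEnabled is a DWORD (1 = enabled).
param([switch]$Remediate)   # hypothetical switch: omit to detect only

$Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$Name = 'CloudAPAuthEnabled'
$Want = 1

function Get-PolicyValue {
    # Returns the current value, or $null when the key or value is missing.
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

$current = Get-PolicyValue
if ($current -eq $Want) {
    Write-Output "Compliant: $Name = $current"
    exit 0
}

if (-not $Remediate) {
    # A non-zero exit from a detection script marks the device as needing remediation.
    Write-Output "Non-compliant: $Name is '$current' (expected $Want)"
    exit 1
}

try {
    # Create the policy key if Chrome policies were never deployed to this device.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Want -PropertyType DWord -Force | Out-Null
    Write-Output "Set $Name = $Want"
    exit 0
} catch {
    Write-Output "Failed to set ${Name}: $($_.Exception.Message)"
    exit 1
}
```

For an Intune Remediations package, upload the file as written for detection and a copy that defaults `$Remediate` to true for remediation, since the package takes two scripts and passes no parameters.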