Windows 11 Passwordless Web Sign-in - Entra Joined Devices

Created by Chris Canfield, Modified on Mon, 23 Sep at 2:22 PM by Chris Canfield

Overview


TraitWare Passwordless MFA provides strong, low-friction security for logins to domain-joined Windows 11 desktops.


This guide outlines the steps needed to create a device configuration in Microsoft Intune to allow for Windows 11 domain joined Web sign-ins via TraitWare.


Prerequisites

  • Supported on: Windows 11 Pro/Enterprise v22H2, Windows 11 SE, v22H2, Windows 11 Pro Edu/Education, v22H2 with KB5022913.
  • Microsoft Graph API configured with TraitWare User Sync
  • Microsoft tenant domain federated to TraitWare
  • Microsoft Intune License for Users
  • Windows machine device policies managed by Intune




Create Device Configuration Policy in Intune


  • In Intune, navigate to Devices>Manage Devices>Configuration



  • Click Create>New Policy




  • For Platform select Windows 10 and later and for Profile type select Settings catalog
  • Click Create




  • Provide a Name for the TraitWare configuration
  • Provide a Description of the configuration if preferred
  • Click Next



  • Click + Add settings



  • Select Authentication from the Settings picker
  • Check the boxes beside Configure Web Sign In URLs and Enable Web Sign In
  • Add api.traitware.com to the Web Sign In Allowed URLs
  • In the Enable Web Sign In dropdown select Enabled. Web Sign-in will be enabled for signing in to Windows
  • Click Next



  • Add Scope tags if preferred (not required)
  • Click Next




  • Assign Groups and Users to allow or exclude them from the TraitWare Web Sign In




  • Review the configuration profile
  • Click Create



  • The created profile will appear in the Device Configuration Policies list



Note: It may take a few minutes to hours for the policy to become active for the Windows 11 login. The managed Windows machine must update its policies before the TraitWare Web Sign In option is available. This is expected Microsoft behavior.
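To check from the managed machine whether the policy has arrived yet, the following PowerShell reads the two settings configured above. It is an added example, not part of the original guide or of TraitWare's tooling. It assumes that Intune-delivered Policy CSP values are mirrored under the PolicyManager registry key shown and that multiple allowed URLs are stored as one semicolon-delimited string; the function name Test-WebSignInPolicy is hypothetical.

```powershell
# Added example (not from the original guide).
# Assumption: Policy CSP values delivered by Intune are mirrored under this key.
$PolicyKey    = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication'
$ExpectedUrls = @('api.traitware.com')   # the URL this guide adds to the allow list

function Test-WebSignInPolicy {
    param(
        [string]   $Path     = $PolicyKey,
        [string[]] $Expected = $ExpectedUrls
    )

    $report = [ordered]@{
        PolicyKeyPresent = $false
        WebSignInEnabled = $false
        AllowedUrls      = @()
        MissingUrls      = $Expected
        UnexpectedUrls   = @()
        Ready            = $false
    }

    if (Test-Path -Path $Path) {
        $values = Get-ItemProperty -Path $Path
        $report.PolicyKeyPresent = $true
        $report.WebSignInEnabled = ($values.EnableWebSignIn -eq 1)

        # Assumption: multiple allowed URLs are stored as one ';'-delimited string.
        $urls = @(([string]$values.ConfigureWebSignInAllowedUrls) -split ';' |
                  ForEach-Object { $_.Trim() } | Where-Object { $_ })

        $report.AllowedUrls    = $urls
        $report.MissingUrls    = @($Expected | Where-Object { $_ -notin $urls })
        $report.UnexpectedUrls = @($urls | Where-Object { $_ -notin $Expected })
    }

    # Ready only when Web Sign-in is on and every expected URL is allowed.
    $report.Ready = $report.WebSignInEnabled -and ($report.MissingUrls.Count -eq 0)
    [pscustomobject]$report
}

Test-WebSignInPolicy | Format-List
```

If Ready is False, the device has not yet received the policy. UnexpectedUrls lists any allowed host beyond the one this guide configures, which is worth reviewing because the allow list controls where the Web sign-in flow may navigate.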



Test TraitWare Web Sign In


Test the TraitWare desktop login to a domain joined Windows 11 machine.


  • On the Windows 11 login screen, select the domain joined account to use
  • If the password field appears, click Sign-in options



  • Select the Web sign-in icon
  • Click the Sign in button



  • Scan the QR code with the TraitWare Mobile app



  • The user is logged in to Windows and the domain



  • For future logins click the Sign in button to go directly to the TraitWare login screen








