I am trying to configure Windows Hello for Business (WHfB) so that when I log into my on-prem hybrid joined Windows server I can use my Entra joined admin user with an MFA prompt to log in. To accomplish this I edited the GPO affecting the server. I've enabled it as such:
The issue I'm running into is that I cannot log in. I do not know what's missing for me to be able to log in using my Entra username + password. I feel like I'm missing a required setting that I'm unaware of. I have tried the following logins:
- domain
- user
- [email protected]
- [email protected]
None of the logins work and I always get this message: "You must use Windows Hello or a smart card to sign in."
That is the expected behavior. You must use either Windows Hello or a traditional smart card to log on.
The policy setting is designed to specifically prohibit username and password logon. Additionally, the policy setting applies to all accounts that log on to that host.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card