New login experience: Windows 11 web login
Today we are looking at the evolution of web logon under Windows 11. Windows 11 has opened up new possibilities with the KB5030310 update in version 22H2.
Passwordless, simplified PIN reset & more
The feature is now no longer limited to the Temporary Access Pass (TAP), but also enables passwordless logins with the Microsoft Authenticator app, simplified PIN resets via Windows Hello for Business and the integration of third-party SAML-P identity providers - a big step towards a more versatile and secure login experience.
- Temporary Access Pass (TAP) is a time-limited code that helps users to confirm their identity for setting up or restoring access to their Microsoft services.
- Third-party SAML-P identity providers are services that make it possible to log in to various applications and services with a single user identity.
MFA & Multifactor Authentication
This is where multifactor authentication (MFA) comes into play to further increase security. MFA requires more than one form of authentication from independent sources to confirm a user's identity, which significantly improves web login security.
System requirements
To use the web login, clients must fulfil the following requirements:
- Windows 11 version 22H2 with 5030310 or higher
- Microsoft Entra must be integrated
- Active Internet connection, as authentication takes place exclusively via the Internet
Important note:
There is no web login support for Microsoft Entra hybrid or for domain-joined devices
Edition and licensing requirements
The following table shows which Windows editions support web logon:
Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education | |
Yes |
Yes |
Yes | Yes | |
Authorisations for web login are granted by the following licences: |
||||
Windows Pro/Pro Education/SE | Windows Enterprise E3 | Windows Enterprise E5 | Windows Education A3 | Windows Education A5 |
Yes | Yes | Yes | Yes | Yes |
To activate the web login
You can activate web login as a credential provider via the settings catalogue in Microsoft Intune. Follow these four simplified steps:
- Open the Microsoft Intune Admin Centre portal and navigate to > Devices > Windows > Configuration profiles.
- Select "Create new policy" and create a profile for "Windows 10 and higher".
- Give the profile a name, add the setting "Enable web logon" and configure the required scope markers and assignments.
- Check the configuration and click on "Create".
The new functions in action
Once activated, web registration will offer the following new features:
- Self-service PIN reset: Allows you to reset your PIN more easily by clicking on "I have forgotten my PIN".
- Passwordless sign-in: Sign in securely and conveniently without a password with the Microsoft Authenticator app.
- Federated identity: Opens up new possibilities for enterprise applications through integration with SAML-P identity providers.
Important note
An active internet connection is essential for using the web login.
Conclusion
The extended web logon functions in Windows 11 offer a flexible and secure solution for the modern working world. This guide will help you to utilise these new possibilities and experience the future of logon with Windows 11. You can find further information in this article.
Why Baggenstos?
Baggenstos IT Services AG plays a key role in the implementation of web login under Windows 11. With expertise in Azure Cloud technology and extensive experience in IT support, Baggenstos develops customised solutions, provides training and support and thus helps its customers to achieve a secure and efficient digital transformation.
- The source of today's article is this aticle by Peter van der Woude