Only allow device authentication for the Microsoft Account Sign-In Assistant
Supported on: At least Windows 11 Version 22H2
Registry
HKLM
Software\Microsoft\Windows\CurrentVersion\Policies\System Value name: EnterpriseDeviceAuthOnly
Enabled: EnterpriseDeviceAuthOnly = 1
Disabled: EnterpriseDeviceAuthOnly = 0
Description
This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication.