• Oxford, Bicester
  • 01865 771011
  • 12:20
  • 0 Comments

When preparing a Windows 10 / 11 device for a user we often have to sign in with their Microsoft Entra ID (previously called Azure ID) to set everything up. If the user is not available to enter their Microsoft 365 (Entra ID) password and authorise login via MFA, admins can use the Temporary Access Pass feature to login as a user bypassing the password.

This works fine for joining the device to Microsoft Intra ID or configuring desktop and web apps (Teams, Outlook, etc.), but it doesn’t help with the initial login to a Windows device itself.

To log in to a Windows device using the user’s Microsft 365 email and temporary access pass, we have to enable WebSignIn. This is normally done via Microsoft Intune, however, I recently had to do this for a small business in Oxford and the organisation in question wasn’t using Intune. In that case, you can temporarily enable WebSignIn by making a small registry change on the PC locally.

  • Login to the device using any local administrator account.
  • Open Registry Editor (regedit.exe)
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication
    Create the “Authentication” key if it doesn’t exist.
  • Inside the Authentication key create a new DWORD type entry with the name EnableWebSignIn and a value of 1.
Regedit > EnableWebSignIn
  • Reboot shouldn’t be necessary. Log out and you should see WebSignIn icon under the Sign-in options.
Windows 11 login screen

September 2024
Oxford, Oxfordshire

Previous Post
One or more items in the folder you synchronise…
Next Post
Open “Devices and Printers” in Windows 11

Leave a Comment