none
Passwordless strategy glosses over Run as RRS feed

  • Question

  • Hi there.

    This article: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/passwordless-strategy#the-process says one of the steps on the passwordless journey is to disable the use of passwords via:

    1) Setting the GPO/equivalent of Interactive logon: Require Windows Hello for Business or smart card

    2) Disable the password credential provider via GPO/equivalent: Exclude credential providers

    The glaring oversight as I see it that isn't addressed anywhere is both of these actions will also disable the ability to Run as. This means any adhoc support work requiring an emergency install/uninstall of software or drivers is no longer possible.

    The only 'workaround' I can think of is users must be made local administrators but obviously that's not viable/responsible.


    As far as I know the only way to enforce MFA on password login is still provision a 3rd party service with an agent that handles the MFA (like Duo or something).

    Any ideas/comments/plans around this?

    Cheers,

    Dan

    Wednesday, April 15, 2020 7:53 AM

Answers

  • Hello,

    Thank you for posting in our TechNet forum. 

    Based on my extensive data collection and research, there is no relevant information refer to the problem you mentioned. 

    We could execute the only solution as you mentioned if there is no better solution.

    Thank you so much for your understanding and support.

    Best regards,
    Snowy Guan

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by _-Dan-_ Friday, April 17, 2020 9:37 AM
    Thursday, April 16, 2020 10:00 AM

All replies

  • Hello,

    Thank you for posting in our TechNet forum. 

    Based on my extensive data collection and research, there is no relevant information refer to the problem you mentioned. 

    We could execute the only solution as you mentioned if there is no better solution.

    Thank you so much for your understanding and support.

    Best regards,
    Snowy Guan

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by _-Dan-_ Friday, April 17, 2020 9:37 AM
    Thursday, April 16, 2020 10:00 AM
  • Thanks for confirming Snowy - I'll keep an eye out for any future updates around this.
    Friday, April 17, 2020 9:37 AM