Policy

Allow companion device for secondary authentication

Microsoft Windows

Back to Microsoft Secondary Authentication FactorBack to main
Allow companion device for secondary authentication
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Secondary Authentication Factor
Supported on
At least Windows Server 2016, Windows 10

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello. If you enable or do not configure this policy setting, users can authenticate to Windows Hello using a companion device. If you disable this policy, users cannot use a companion device to authenticate with Windows Hello.

Internal name
MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice
Policy ID
5c87993d543c
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\SecondaryAuthenticationFactor
Value name
AllowSecondaryAuthenticationDevice
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\SecondaryAuthenticationFactor
Value name
AllowSecondaryAuthenticationDevice
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.