Enable phishing-resistant authentication for Universal Windows Platform applications
When users access native Windows apps on managed devices, authentication with Okta FastPass is phishing resistant. For Universal Windows Platform apps and Microsoft 365 apps, you must run a script to ensure phishing-resistant authentication on managed devices. On unmanaged devices, authentication to native Windows apps isn't phishing resistant.
Before you begin
Ensure that the endpoints are managed.
Start this task
- On the Windows endpoint, open Windows PowerShell. Click Start, type PowerShell, right-click Windows PowerShell, and then click Run as administrator. You can also run the script by using your device management solution.
- Execute the script.
# Per-user folder that holds the installed app packages
$packageFolder = [System.Environment]::GetEnvironmentVariable("LOCALAPPDATA") + "\packages"
# Select the Microsoft.AAD.BrokerPlugin and AuthHost package folders by name
$packages = Get-ChildItem -Path $packageFolder | Where-Object { ($_.Name -Match "Microsoft.AAD.BrokerPlugin") -or ($_.Name -Match "AuthHost") } | Select-Object -ExpandProperty Name
foreach ($package in $packages)
{
    Write-Host "Creating loopback exemption for" $package
    # -a adds a loopback exemption; -n names the package it applies to
    $command = "CheckNetIsolation.exe LoopbackExempt -a -n=" + $package
    cmd.exe /c $command
}
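To confirm that the script took effect, the following added example (not part of Okta's script) selects the same package folders and checks each one against the list printed by CheckNetIsolation.exe LoopbackExempt -s. The function names are hypothetical, and the example assumes that the list contains one "Name:" line per exempted AppContainer.

```powershell
# Added verification example; not Okta's code. Run it as the same user as the script above.
# Assumption: "CheckNetIsolation.exe LoopbackExempt -s" prints one
# "Name: <package>" line for each exempted AppContainer.

function Get-LoopbackExemptName {
    # Extract the package names from the lines of the -s listing.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*Name:\s*(\S+)\s*$') { $Matches[1] }
    }
}

function Test-LoopbackExemption {
    # Return one object per package that says whether it is in the exempt list.
    param([string[]]$PackageNames, [string[]]$ExemptNames)
    foreach ($name in $PackageNames) {
        [pscustomobject]@{
            Package = $name
            Exempt  = $ExemptNames -contains $name   # -contains ignores case
        }
    }
}

# Same folder and name patterns as the script above (dots escaped for the regex).
$packageFolder = Join-Path $env:LOCALAPPDATA 'Packages'
$packages = Get-ChildItem -Path $packageFolder -Directory |
    Where-Object { $_.Name -match 'Microsoft\.AAD\.BrokerPlugin|AuthHost' } |
    Select-Object -ExpandProperty Name

if (-not $packages) {
    Write-Warning "No matching packages found under $packageFolder; nothing to verify."
}
else {
    $exempt = Get-LoopbackExemptName -Lines (CheckNetIsolation.exe LoopbackExempt -s)
    $report = @(Test-LoopbackExemption -PackageNames $packages -ExemptNames $exempt)
    $report | Format-Table -AutoSize

    $missing = @($report | Where-Object { -not $_.Exempt })
    if ($missing.Count -gt 0) {
        Write-Warning ("{0} package(s) have no loopback exemption; run the script again." -f $missing.Count)
    }
}
```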