Enable phishing-resistant authentication for Universal Windows Platform applications

When users access Universal Windows Platform and Microsoft 365 apps, you must run a script to ensure phishing-resistant authentication.

Start this task

1. Open Windows PowerShell. Click Start, type PowerShell, right-click Windows PowerShell, and then click Run as administrator. You can also run the script by using your device management solution.

2. Execute the script.

   Copy

   1
   2
   3
   4
   5
   6
   7
   8
   9
   $packageFolder = [System.Environment]::GetEnvironmentVariable("LOCALAPPDATA") + "\packages"
   $packages = Get-ChildItem -Path $packageFolder | Where-Object { ($_.Name -Match "Microsoft.AAD.BrokerPlugin") -or ($_.Name -Match "AuthHost") }  | select -expand Name
   
   foreach ($package in $packages)
   {    
     Write-Host "Creating loopback exemption for" $package    
     $command = "CheckNetIsolation.exe LoopbackExempt -a -n=" + $package     
     cmd.exe /c $command
   }

Related topics

Phishing-resistant authentication