Enable phishing-resistant authentication for Universal Windows Platform applications

When users access Universal Windows Platform and Microsoft 365 apps, you must run a script to ensure phishing-resistant authentication.

Start this task

  1. Open Windows PowerShell. Click Start, type PowerShell, right-click Windows PowerShell, and then click Run as administrator. You can also run the script by using your device management solution.

  2. Execute the script.

    $packageFolder = [System.Environment]::GetEnvironmentVariable("LOCALAPPDATA") + "\packages"
    $packages = Get-ChildItem -Path $packageFolder | Where-Object { ($_.Name -Match "Microsoft.AAD.BrokerPlugin") -or ($_.Name -Match "AuthHost") } | select -expand Name

    foreach ($package in $packages)
    Write-Host "Creating loopback exemption for" $package
    $command = "CheckNetIsolation.exe LoopbackExempt -a -n=" + $package
    cmd.exe /c $command

Related topics

Phishing-resistant authentication