Enable phishing-resistant authentication for Universal Windows Platform applications

When users access native Windows apps on managed devices, the authentication with Okta FastPass is phishing resistant. For Universal Windows Platform apps and Microsoft 365 apps you must run a script to ensure phishing-resistant authentication on managed devices. On unmanaged devices, authentication to native Windows apps isn't phishing resistant.

Before you begin

Ensure that the endpoints are managed.

Start this task

  1. On the Windows endpoint, open Windows PowerShell. Click Start, type PowerShell, right-click Windows PowerShell, and then click Run as administrator. You can also run the script by using your device management solution.

  2. Execute the script.

    $packageFolder = [System.Environment]::GetEnvironmentVariable("LOCALAPPDATA") + "\packages"
    $packages = Get-ChildItem -Path $packageFolder | Where-Object { ($_.Name -Match "Microsoft.AAD.BrokerPlugin") -or ($_.Name -Match "AuthHost") } | select -expand Name

    foreach ($package in $packages)
    Write-Host "Creating loopback exemption for" $package
    $command = "CheckNetIsolation.exe LoopbackExempt -a -n=" + $package
    cmd.exe /c $command

Related topics

Phishing-resistant authentication