{"id":16591,"date":"2026-05-30T02:01:23","date_gmt":"2026-05-29T17:01:23","guid":{"rendered":"https:\/\/m365jp.net\/?p=16591"},"modified":"2026-05-30T02:02:06","modified_gmt":"2026-05-29T17:02:06","slug":"mc1326253-conditional-access-policies-now-apply-to-windows-hello-for-business-and-macos-platform-sso-registration","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-05-30-mc1326253-conditional-access-policies-now-apply-to-windows-hello-for-business-and-macos-platform-sso-registration","title":{"rendered":"MC1326253 | Conditional Access policies now apply to Windows Hello for Business and macOS Platform SSO registration"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1326253 | Conditional Access policies now apply to Windows Hello for Business and macOS Platform SSO registration<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/29\/2026 16:56:51<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>05\/29\/2026 16:55:15<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>08\/13\/2026 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>If your organization has Conditional Access policies scoped to Register security information, those policies will now apply when users set up Windows Hello for Business (WHfB) or register macOS Platform SSO credentials.<\/p>\n<p>Today, these registration flows enforce MFA, but do not evaluate your registration-targeting Conditional Access policies \u2014 meaning requirements like authentication strength, trusted locations, or other CA conditions aren&#8217;t enforced when users enroll WHfB   or macOS Platform SSO credentials. This change closes that gap.<\/p>\n<p>  <\/p>\n<p>Organizations without these policies aren&#8217;t affected.  <\/p>\n<p><b><\/b><\/p>\n<p><b>When this will happen<br \/>  <\/b><\/p>\n<p>\u2022 <b>July 6, 2026: Gradual rollout begins.<br \/>  <\/b><\/p>\n<p>\u2022 July 13, 2026: Rollout complete for all tenants.  <\/p>\n<\/p>\n<p><b>How this affects your organization<br \/>  <\/b><\/p>\n<p>Users registering WHfB or macOS PSSO credentials will need to satisfy your registration-targeting Conditional Access policy requirements before completing enrollment. For example, a user might need to use an existing FIDO2 security key, approve a push notification   in Microsoft Authenticator, or connect from a trusted network location \u2014 depending on what your policies require. Any Grant controls you&#8217;ve configured will apply.  <\/p>\n<p>Users who don&#8217;t meet the requirements will be blocked from completing registration until the conditions are met.<\/p>\n<\/p>\n<p>  <\/p>\n<p><b>Action recommended<br \/>  <\/b><\/p>\n<ol>\n<li>In Entra admin center &gt; Protection &gt; Conditional Access, find policies targeting Register security information.  <\/li>\n<li>Review Grant controls \u2014 check what requirements users must satisfy during registration (authentication strength, trusted locations, MFA method).  <\/li>\n<li>Consider whether users setting up a new device can meet your policy requirements \u2014 for example, make sure users have a FIDO2 security key or other qualifying credential available before they start device setup.  <\/li>\n<li>Test with report-only mode before enforcement reaches your tenant.  <\/li>\n<li>Update helpdesk docs \u2014 users may see a new authentication prompt during device setup.  <\/li>\n<\/ol>\n<p>If you experience issues during the rollout window (July 6\u2013July 13), contact Microsoft Support or your account team for assistance.  <\/p>\n<p>Learn more: <a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/conditional-access\/policy-all-users-security-info-registration\" target=\"_blank\">  Require MFA for security info registration<\/a>  <\/p>\n<\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>\u3082\u3057\u7d44\u7e54\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u3092\u767b\u9332\u3059\u308b\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u30dd\u30ea\u30b7\u30fc\u304c\u3042\u308b\u5834\u5408\u3001\u30e6\u30fc\u30b6\u30fc\u304cWindows Hello for Business(WHfB)\u3092\u8a2d\u5b9a\u3057\u305f\u308amacOS\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0SSO\u8a8d\u8a3c\u60c5\u5831\u3092\u767b\u9332\u3057\u305f\u308a\u3059\u308b\u969b\u306b\u3001\u305d\u306e\u30dd\u30ea\u30b7\u30fc\u304c\u9069\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>\u73fe\u5728\u3001\u3053\u308c\u3089\u306e\u767b\u9332\u30d5\u30ed\u30fc\u306fMFA\u3092\u5f37\u5236\u3057\u307e\u3059\u304c\u3001\u767b\u9332\u3092\u30bf\u30fc\u30b2\u30c3\u30c8\u3068\u3059\u308b\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u30dd\u30ea\u30b7\u30fc\u306f\u8a55\u4fa1\u3057\u307e\u305b\u3093\u3002\u3064\u307e\u308a\u3001\u8a8d\u8a3c\u5f37\u5ea6\u3084\u4fe1\u983c\u3067\u304d\u308b\u5834\u6240\u3001\u305d\u306e\u4ed6\u306eCA\u6761\u4ef6\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304cWHfB\u3084macOS\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306eSSO\u8a8d\u8a3c\u60c5\u5831\u3092\u767b\u9332\u3057\u305f\u969b\u306b\u306f\u9069\u7528\u3055\u308c\u307e\u305b\u3093\u3002\u3053\u306e\u5909\u66f4\u306f\u305d\u306e\u30ae\u30e3\u30c3\u30d7\u3092\u57cb\u3081\u307e\u3059\u3002<\/p>\n<p>  <\/p>\n<p>\u3053\u308c\u3089\u306e\u30dd\u30ea\u30b7\u30fc\u3092\u6301\u305f\u306a\u3044\u7d44\u7e54\u306f\u5f71\u97ff\u3092\u53d7\u3051\u307e\u305b\u3093\u3002<\/p>\n<p><b><\/b><\/p>\n<p><b>\u305d\u308c\u304c\u3044\u3064\u8d77\u3053\u308b\u306e\u304b<\/b><\/p>\n<p>. <b>2026\u5e747\u67086\u65e5:\u6bb5\u968e\u7684\u306a\u5c55\u958b\u304c\u59cb\u307e\u308a\u307e\u3059\u3002<br \/>  <\/b><\/p>\n<p>. 2026\u5e747\u670813\u65e5:\u5168\u30c6\u30ca\u30f3\u30c8\u306e\u5c55\u958b\u5b8c\u4e86\u3002<\/p>\n<\/p>\n<p><b>\u3053\u308c\u304c\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff<\/b><\/p>\n<p>WHfB\u307e\u305f\u306fmacOS PSSO\u306e\u8a8d\u8a3c\u60c5\u5831\u3092\u767b\u9332\u3059\u308b\u30e6\u30fc\u30b6\u30fc\u306f\u3001\u767b\u9332\u5bfe\u8c61\u306e\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u30dd\u30ea\u30b7\u30fc\u8981\u4ef6\u3092\u6e80\u305f\u3059\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u65e2\u5b58\u306eFIDO2\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ad\u30fc\u3092\u4f7f\u7528\u3057\u305f\u308a\u3001Microsoft Authenticator\u3067\u30d7\u30c3\u30b7\u30e5\u901a\u77e5\u3092\u627f\u8a8d\u3057\u305f\u308a\u3001\u4fe1\u983c\u3067\u304d\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u62e0\u70b9\u304b\u3089\u63a5\u7d9a\u3057\u305f\u308a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u3001\u30dd\u30ea\u30b7\u30fc\u306e\u8981\u4ef6\u306b\u5fdc\u3058\u3066\u5bfe\u5fdc\u3059\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002\u8a2d\u5b9a\u3057\u305fGrant\u306e\u7ba1\u7406\u306f\u9069\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>\u6761\u4ef6\u3092\u6e80\u305f\u3057\u3066\u3044\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u306f\u3001\u6761\u4ef6\u3092\u6e80\u305f\u3059\u307e\u3067\u767b\u9332\u3092\u5b8c\u4e86\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<\/p>\n<p>  <\/p>\n<p><b>\u884c\u52d5\u63a8\u5968<\/b><\/p>\n<ol>\n<li>Entra\u7ba1\u7406\u30bb\u30f3\u30bf\u30fc&gt;\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u4fdd\u8b77&gt;\u3001\u767b\u9332\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u3092\u5bfe\u8c61\u3068\u3057\u305f\u30dd\u30ea\u30b7\u30fc\u3092\u898b\u3064\u3051\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>\u52a9\u6210\u91d1\u306e\u7ba1\u7406\u65b9\u6cd5\u3092\u898b\u76f4\u3057\u3001\u767b\u9332\u6642\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u6e80\u305f\u3059\u3079\u304d\u8981\u4ef6(\u8a8d\u8a3c\u5f37\u5ea6\u3001\u4fe1\u983c\u3067\u304d\u308b\u5834\u6240\u3001MFA\u65b9\u5f0f)\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>\u65b0\u3057\u3044\u30c7\u30d0\u30a4\u30b9\u3092\u8a2d\u5b9a\u3059\u308b\u30e6\u30fc\u30b6\u30fc\u304c\u30dd\u30ea\u30b7\u30fc\u8981\u4ef6\u3092\u6e80\u305f\u305b\u308b\u304b\u3069\u3046\u304b\u3092\u8003\u616e\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4f8b\u3048\u3070\u3001\u30c7\u30d0\u30a4\u30b9\u8a2d\u5b9a\u3092\u59cb\u3081\u308b\u524d\u306bFIDO2\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ad\u30fc\u3084\u305d\u306e\u4ed6\u306e\u8cc7\u683c\u8a3c\u660e\u66f8\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>\u5f37\u5236\u304c\u30c6\u30ca\u30f3\u30c8\u306b\u5c4a\u304f\u524d\u306b\u5831\u544a\u5c02\u7528\u30e2\u30fc\u30c9\u3067\u30c6\u30b9\u30c8\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>\u30d8\u30eb\u30d7\u30c7\u30b9\u30af\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u30c7\u30d0\u30a4\u30b9\u8a2d\u5b9a\u6642\u306b\u65b0\u3057\u3044\u8a8d\u8a3c\u30d7\u30ed\u30f3\u30d7\u30c8\u304c\u8868\u793a\u3055\u308c\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/li>\n<\/ol>\n<p>\u30ed\u30fc\u30eb\u30a2\u30a6\u30c8\u671f\u9593\u4e2d(7\u67086\u65e5\u301c7\u670813\u65e5)\u306b\u554f\u984c\u304c\u767a\u751f\u3057\u305f\u5834\u5408\u306f\u3001Microsoft\u30b5\u30dd\u30fc\u30c8\u307e\u305f\u306f\u30a2\u30ab\u30a6\u30f3\u30c8\u30c1\u30fc\u30e0\u306b\u9023\u7d61\u3057\u3066\u652f\u63f4\u3092\u53d7\u3051\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u8a73\u7d30\u306f\u3053\u3061\u3089: <a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/conditional-access\/policy-all-users-security-info-registration\" target=\"_blank\">  \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u767b\u9332\u306bMFA\u3092\u5fc5\u9808<\/a>  <\/p>\n<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1326253 | Conditional Access policies now apply to Windows Hello for Business and macOS Platform SSO registr [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16591","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=16591"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16591\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=16591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=16591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=16591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}