At a glance: Conditional Access policies will now apply to Single Sign-On registration for Windows Hello for Business.
Microsoft is adjusting its Conditional Access policies and will include Single Sign-On registration for Windows Hello for Business for the first time starting July 6, 2026. The change affects Windows and macOS.
Microsoft is expanding the scope of its Conditional Access policies. So far, these policies have controlled access to resources and applications — in the future, they will also be applied to SSO registration for Windows Hello for Business. The change will take effect on July 6, 2026, and affects both Windows and macOS systems.
For CISOs, this means an expansion of control options in a critical authentication process. Windows Hello for Business is an essential component of passwordless authentication in Microsoft environments. If Conditional Access policies now apply at the initial SSO registration stage, this enables stricter control over which devices and users are permitted to register for SSO authentication — for example, through requirements for device compliance, network location, or risk level.
Organizations should review their existing Conditional Access policies and adjust them if necessary to avoid unwanted access denials during Windows Hello for Business registration. The measure contributes to the implementation of Zero-Trust principles and strengthens control over device identities in the access process.
Source: borncity.com · Published June 5, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.