Enabling Okta Credentials for Windows 10 / Windows 11 Login with Azure AD Join
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article explains how to enable Okta credentials for signing in to a Windows 10 or Windows 11 computer after the device has been joined to Microsoft Entra ID (formerly Azure AD). The change consists of adding a rule to the Office 365 application sign-on policy that allows sign-on attempts coming from Azure AD-joined devices through the Winlogin service.

Applies To
  • Microsoft Entra ID / Azure Active Directory (AD)
  • Microsoft 365 / Office 365 (M365 / O365)
  • Windows 10 or newer Devices
  • Okta Credentials
  • Okta Administrators
Cause
By default, the Office 365 application sign-on policy rules allow access only from modern authentication-compatible protocols and services. The Winlogin service used by Azure AD-joined devices is not one of these, so its sign-on attempts are denied.
Solution

NOTE: Okta credentials cannot be used to sign into a Windows 10 or Windows 11 computer if Multi-Factor Authentication (MFA) is required.

For Okta Identity Engine (OIE) Orgs

  1. Access the Okta Admin Console.
  2. Navigate to the Office 365 application, and select the Sign-on tab.
  3. Scroll down to User Authentication and click View policy details.
    This opens the authentication policy page for the app.
  4. Create a new rule and name it accordingly.
  5. In the last IF condition, Client is, make sure Exchange ActiveSync/Legacy Auth is also selected.
  6. In the Access section, ensure that When all the conditions above are met, sign on to this application is set to Allowed.
  7. In the Custom Expression section, add request.userAgent.contains("Windows-AzureAD-Authentication-Provider").
  8. Click Save to apply the changes.
  9. Move the rule up in the priority list.

For example, this screenshot shows a rule filtering for a user agent containing Windows-AzureAD-Authentication-Provider:
[Image: Add Rule OIE]

For Classic Orgs

  1. Access the Okta Admin Console.
  2. Navigate to the Office 365 application, and select the Sign-on tab.
  3. Scroll down to Sign On Policy.
  4. Click Add Rule and name it accordingly.
  5. Keep everything as default, and modify just the following:
    1. If the user's client is any of these > only keep Exchange ActiveSync/Legacy Auth and Custom checked. Uncheck the rest.
    2. In the Custom field, enter: Windows-AzureAD-Authentication-Provider/1.0
  6. Make sure the rule is set to allow access.
  7. Click Save.
  8. Move the rule all the way up in the priority list.

[Image: Add Rule Classic]
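Once the rule is in place, an administrator will usually want to confirm which sign-ons it actually admits. The script below is an added example, not part of the original Okta article: it reads Okta System Log events and flags those whose client user agent would be caught by the rule, evaluating the OIE contains() expression from the OIE procedure and the exact custom client string from the Classic procedure side by side. The field paths (client.userAgent.rawUserAgent, actor.alternateId, outcome.result) follow the Okta System Log schema; the sample events are constructed, and treating the Classic Custom client field as an exact string match is an assumption.

```python
import json

# Substring used in the OIE custom expression from the article.
MARKER = "Windows-AzureAD-Authentication-Provider"
# Exact value entered in the Classic rule's Custom client field.
CLASSIC_CUSTOM_CLIENT = "Windows-AzureAD-Authentication-Provider/1.0"

# Constructed sample Okta System Log events (not a real export); only the
# fields this audit reads are filled in.
SAMPLE_LOG = json.dumps([
    {"eventType": "user.authentication.sso",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"userAgent": {"rawUserAgent": "Windows-AzureAD-Authentication-Provider/1.0"}},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.authentication.sso",
     "actor": {"alternateId": "bob@example.com"},
     "client": {"userAgent": {"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ..."}},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.authentication.sso",
     "actor": {"alternateId": "carol@example.com"},
     "client": {"userAgent": {"rawUserAgent": "Windows-AzureAD-Authentication-Provider/2.0"}},
     "outcome": {"result": "FAILURE"}},
    {"eventType": "user.authentication.sso",
     "actor": {"alternateId": "dave@example.com"},
     "client": {"userAgent": {}},
     "outcome": {"result": "SUCCESS"}},
])


def oie_rule_matches(user_agent):
    """Mirror of the OIE expression request.userAgent.contains(MARKER)."""
    return MARKER in (user_agent or "")


def classic_rule_matches(user_agent):
    """Assumed behaviour of the Classic Custom client field: exact string match."""
    return (user_agent or "") == CLASSIC_CUSTOM_CLIENT


def audit_azuread_signons(log_json, matcher=oie_rule_matches):
    """Return (user, user agent, outcome) for every event the rule would admit.

    Events without a user agent are skipped: neither rule can match them.
    """
    hits = []
    for event in json.loads(log_json):
        user_agent = event.get("client", {}).get("userAgent", {}).get("rawUserAgent")
        if user_agent and matcher(user_agent):
            hits.append((event["actor"]["alternateId"], user_agent,
                         event["outcome"]["result"]))
    return hits


def summarize(hits):
    """Count outcomes per user so a reviewer can see who signs in through this rule."""
    summary = {}
    for user, _user_agent, outcome in hits:
        per_user = summary.setdefault(user, {})
        per_user[outcome] = per_user.get(outcome, 0) + 1
    return summary


if __name__ == "__main__":
    for label, matcher in (("OIE contains()", oie_rule_matches),
                           ("Classic exact string", classic_rule_matches)):
        print(label, summarize(audit_azuread_signons(SAMPLE_LOG, matcher)))
```

Running the script against the constructed events shows the difference between the two rule styles: the OIE contains() check admits both the /1.0 and the /2.0 provider strings, while an exact match on Windows-AzureAD-Authentication-Provider/1.0 admits only the first. Whichever style is in use, reviewing the resulting sign-on list periodically is the practical way to confirm the rule admits only the Windows sign-in traffic it was written for.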
