Looping Login During Windows Hello for Business Setup
Nov 28, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview
Looping Login During Windows Hello for Business Setup.
Applies To
- Windows Hello for Business
- Okta Identity Engine (OIE)
- Okta Multi-Factor Authentication (MFA)
Cause
During the Windows Hello for Business enrollment process, Microsoft will require two-factor authentication.
If Microsoft is Federated with Okta and Okta MFA for Azure AD is checked, Okta must provide both primary and secondary factors in the authentication request.
Solution
In this configuration, if Okta does not provide Multi-Factor Authentication (MFA), the response will be rejected, and a new request will be sent to Okta.
Check the App-level Sign-on Policy for Office 365 and ensure that User must select: Any 2 factor types is set.
