himmelblau-idm / himmelblau

Azure Entra ID Authentication, with PAM and NSS modules.
GNU General Public License v3.0

Himmelblau doesn't handle SFA users #103

Closed dmulder closed 4 months ago

dmulder commented 4 months ago

While MFA now works smoothly, SFA users (those who have not enabled MFA) are unable to sign in at all. This is a showstopper for the 0.3.0 release and needs to be fixed.

dmulder commented 4 months ago

There is an additional problem here. The user is only SFA because it hasn't had MFA enrolled yet, but MFA is required. Fixing the deadlock in the DAG allows us to SFA the user, but then Windows Hello enrollment fails. Apparently Windows Hello only works with MFA.

dmulder commented 4 months ago

Fixed by #108