Skip to content

Commit b24d91c

Browse files
alarnaudyalarnaudy
authored
Update msentramachinealwayspromptingforpassword-error.md
Add possible mitigations leveraging RDSAADAUTH
1 parent 6b6ac84 commit b24d91c

1 file changed

Lines changed: 20 additions & 0 deletions

File tree

support/power-platform/power-automate/desktop-flows/msentramachinealwayspromptingforpassword-error.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,27 @@ Your unattended desktop flow run fails with the "MSEntraMachineAlwaysPromptingFo
3030
Power Automate for desktop can't validate your Microsoft Entra ID (formerly Azure Active Directory) credentials on the machine. This issue is typically caused by a group policy setting on your machine.
3131

3232
## Resolution
33+
There are 3 possible paths to mitigate this issue
3334

35+
### Option 1: Use MSEntra Authentication for Remote Desktop - with a user certificate ###
36+
This option requires PAD 2.50 or above. It is best to use in case no MFA exception can be granted to the desktop flow connection account.
37+
38+
See [Certificate Base Authenticiation](https://learn.microsoft.com/power-automate/desktop-flows/configure-certificate-based-auth)
39+
40+
### Option 2: Use MSEntra Authentication for Remote Desktop - with a user/password ###
41+
This option requires PAD 2.49 or above. This option can be faster to setup in case an MFA Exception can be granted to the desktop flow connection account.
42+
43+
1. Force MSEntra authentication in PAD via registry key (use regedit, admin required)
44+
45+
|Registry Path|Registry Key| DWORD-32 Value|
46+
|-------------|------------|---------------|
47+
|Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Power Automate Desktop\Service|UseRdsAadAuthentication|1|
48+
49+
2. Configure [Hiding consent prompt for the target devices](https://learn.microsoft.com/power-automate/desktop-flows/run-unattended-desktop-flows#admin-consent-for-unattended-runs-using-cba-or-sign-in-credentials-with-nla-preview)
50+
3. Restart the Power Automate service
51+
4. Use a MSEntraID connection with user/password credentials. An MFA Exception is required for this account.
52+
53+
### Option 3: Disable fPromptForPassword
3454
To solve this issue, check the group policy setting on your machine.
3555

3656
1. Press the Windows key+<kbd>R</kbd> to open the **Run** dialog.

0 commit comments

Comments
 (0)