General configuration settings
/DISABLEMSPROVIDER
Disable the default Microsoft built-in password provider.
Disabling the default password provider removes Microsoft's default logon mechanism. If FortiAuthenticator Agent malfunctions or otherwise prevents access to the machine, even safe mode may not resolve the issue. When enabling this feature, it is recommended to have at least one exempt user configured who has administrative access. This will mean that even while the FortiAuthenticator Agent service is running, exempt users can bypass FortiAuthenticator Agent authentication. |
If the built-in provider remains enabled, users can bypass two factor authentication by using the default provider. |