When the effective Defender policy "Authentication method" is Token followed by None:
- The user is prompted for User name and Passcode. They should enter the Active Directory (AD) user name and the token response in the "Passcode" field.
If they have not logged in with Defender before it will tell them "Defender currently has no record of your password" and they'll be asked to enter it...
- Once the user enters the AD password and has logged in successfully, subsequent logins will be user name and token response only (entered in the "Passcode" field).
When the effective Defender policy "Authentication method" is Active Directory Password followed by Token:
- The AD password must be entered in the "Passcode" field. Following that the user is prompted to enter a token response:
- They are then prompted to enter the "synchronous response" in the "Passcode" field:
Other policy configurations will behave similarly, thus it's important to test for the desired results and explain to users what the correct procedure is.