In AD Users and Computer we enabled the option 'Smart Card is required for interactive login'. This forces Smart Card login via that AD user account... That way no matter what computer that user logs in on they are forced to use a Smart Card, however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so.. This is because it's wanting a Smart Card... What is the work around? The only GPO that force Smart Card is computer based.. We don't want to force all users on all computers to use Smart Cards.. So... I don't see a work around unless the mobile apps support some type of cert based SSO? Even then I don't think it will work for AD is looking for a Smart Card.