Description

For Windows 10/11 devices, use of Windows Hello for Business replaces the use of passwords with strong two-factor authentication on devices. This authentication consists of a user credential that’s tied to a device and uses a biometric or PIN.

Policy

• Windows Hello for Business should be configured where applicable

Licensing Considerations

• Any tenant with Intune licensing can access this setting.

Set-Up Instructions

Configure Windows Hello at the time of enrollment: Configure a tenant-wide Windows Hello for Business policy with Microsoft Intune - Microsoft Intune | Microsoft Learn

Configure Windows Hello after device enrollment: Deploy policy for Windows Hello to groups of Windows 10 and Windows 11 devices in Microsoft Intune | Microsoft Learn

End-User Impact

Users will be prompted to set up facial recognition or fingerprint depending on the device. Users will also be asked to establish a pin in case that biometric authentication fails or cannot be accessed.

PowerShell Scripts

powershell-intune-samples/DeviceConfiguration at master · microsoftgraph/powershell-intune-samples (github.com)

Videos