# Windows Hello for Business should be configured where applicable ## Description For Windows 10/11 devices, use of Windows Hello for Business replaces the use of passwords with strong two-factor authentication on devices. This authentication consists of a user credential that’s tied to a device and uses a biometric or PIN. ## Policy * Windows Hello for Business should be configured where applicable ## Licensing Considerations • Any tenant with Intune licensing can access this setting. ## Set-Up Instructions Configure Windows Hello at the time of enrollment: [Configure a tenant-wide Windows Hello for Business policy with Microsoft Intune - Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/windows-hello) Configure Windows Hello after device enrollment: [Deploy policy for Windows Hello to groups of Windows 10 and Windows 11 devices in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/identity-protection-configure) ![](https://2434432314-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FCTly3knsVr9zUXbWG1eo%2Fuploads%2FstHGUWvgJbIwf8hYLYuK%2Fpic23.png?alt=media\&token=772f06dc-3d01-49fb-979e-9d9b7514fc54) ## End-User Impact {% hint style="info" %} Level: Low {% endhint %} Users will be prompted to set up facial recognition or fingerprint depending on the device. Users will also be asked to establish a pin in case that biometric authentication fails or cannot be accessed. {% hint style="info" %} Tips None Currently {% endhint %} ## PowerShell Scripts [powershell-intune-samples/DeviceConfiguration at master · microsoftgraph/powershell-intune-samples (github.com)](https://github.com/microsoftgraph/powershell-intune-samples/tree/master/DeviceConfiguration) ## Videos {% embed url="" %} {% embed url="" %}