Forum Discussion

Kiril's avatar
Kiril
Steel Contributor
Nov 22, 2022

How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?

I have activated Windows Hello for Business using an Intune configuration profile. Now that it's activated - how can I use it? It does not appear as sign-in method when I'm prompted with sign-in window.

  • BilalelHadd's avatar
    BilalelHadd
    Iron Contributor
    Dear Kiril,

    I am missing some context. Did you successfully set up any form of trust (e.g., Cloud, Key, or certificate trust? When stating Windows Hello for Business and Password-less, I assume you already have this setup. Could you confirm?

    Also, there is a tenant-wide setting for WhFB. Which one did you configure? You can find the setting under the Intune Portal > Windows Devices > Windows enrollment > Windows Hello for Business. Don't set this feature to Disabled. Even if you would create a Configuration profile, this policy won't enable Windows Hello for Business.
    • Kiril's avatar
      Kiril
      Steel Contributor

      Thank you, BilalelHadd.

       

      Yes, we are using cloud only Azure AD. WHfB is enabled on the tenant level and using the Endpoint security "Account protection" policy.

       

      • BilalelHadd's avatar
        BilalelHadd
        Iron Contributor
        Welcome! Kiril

        You are missing some critical steps to make use of WhFB. Rather than setting up a complicated PKI infrastructure, I recommend configuring Cloud Trust. Especially when your devices are Azure AD joined only. Many articles and blogs are available on configuring a Windows Hello for Business Cloud Trust. This would also enable you to access network drives and shares with WhFB. I hope this helps!

Resources