Forum Discussion
How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?
I have activated Windows Hello for Business using an Intune configuration profile. Now that it's activated - how can I use it? It does not appear as sign-in method when I'm prompted with sign-in wind...
Dear Kiril,
I am missing some context. Did you successfully set up any form of trust (e.g., Cloud, Key, or certificate trust? When stating Windows Hello for Business and Password-less, I assume you already have this setup. Could you confirm?
Also, there is a tenant-wide setting for WhFB. Which one did you configure? You can find the setting under the Intune Portal > Windows Devices > Windows enrollment > Windows Hello for Business. Don't set this feature to Disabled. Even if you would create a Configuration profile, this policy won't enable Windows Hello for Business.
I am missing some context. Did you successfully set up any form of trust (e.g., Cloud, Key, or certificate trust? When stating Windows Hello for Business and Password-less, I assume you already have this setup. Could you confirm?
Also, there is a tenant-wide setting for WhFB. Which one did you configure? You can find the setting under the Intune Portal > Windows Devices > Windows enrollment > Windows Hello for Business. Don't set this feature to Disabled. Even if you would create a Configuration profile, this policy won't enable Windows Hello for Business.
Thank you, BilalelHadd.
Yes, we are using cloud only Azure AD. WHfB is enabled on the tenant level and using the Endpoint security "Account protection" policy.
- Welcome! Kiril
You are missing some critical steps to make use of WhFB. Rather than setting up a complicated PKI infrastructure, I recommend configuring Cloud Trust. Especially when your devices are Azure AD joined only. Many articles and blogs are available on configuring a Windows Hello for Business Cloud Trust. This would also enable you to access network drives and shares with WhFB. I hope this helps!BilalelHadd Thank you. I did not set up a PKI infrastructure.
I followed all the steps described here: Windows Hello for Business Deployment Overview | Microsoft Learn and Windows Hello for Business Deployment Prerequisite Overview | Microsoft Learn.
Which information is missing there? Can you point me to those articles and blogs?
- Of course. Visit the following link:
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
It should point you in the right direction. Following these steps requires no PKI infrastructure.
