Forum Discussion
How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?
Thank you, BilalelHadd.
Yes, we are using cloud only Azure AD. WHfB is enabled on the tenant level and using the Endpoint security "Account protection" policy.
You are missing some critical steps to make use of WhFB. Rather than setting up a complicated PKI infrastructure, I recommend configuring Cloud Trust. Especially when your devices are Azure AD joined only. Many articles and blogs are available on configuring a Windows Hello for Business Cloud Trust. This would also enable you to access network drives and shares with WhFB. I hope this helps!
BilalelHadd Thank you. I did not set up a PKI infrastructure.
I followed all the steps described here: Windows Hello for Business Deployment Overview | Microsoft Learn and Windows Hello for Business Deployment Prerequisite Overview | Microsoft Learn.
Which information is missing there? Can you point me to those articles and blogs?
- Of course. Visit the following link:
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
It should point you in the right direction. Following these steps requires no PKI infrastructure.The link you provided is about "Hybrid cloud Kerberos trust deployment". We are not in a hybrid scenario, nor do we have an Active Directory (on-prem). As mentioned before, the right deployment guide is Azure Active Directory join cloud only deployment | Microsoft Learn.
"When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed."