Forum Discussion
Azure AD Joined device is not honoring Windows Hello for Business Config Policy from Intune
With the availability of Cloud Kerberos Trust we are now able to deploy WHfB to our Hybrid workforce but we do have a handful of Azure AD Joined devices that we also need to deploy to, all of these d...
Do you have the tenant wide WHfB feature enabled in Intune by any chance?
The one under Device Enrollment? If so, it's Disabled and the rest of the settings match the policy I set. I only thought this one came into play during out of box setup (ie, enrollment) and is the lowest priority so other policies can overwrite it.
- Seems about right. I personally never used settings catalog to configure WHfB policies. Either used endpoint security account protection profile or device configuration identity protection profile. Each have their own pros and cons.
- I still haven’t figured out the pros and cons to each despite writing out the differences. I have also tried setting the configuration through all methods and the results are the same. The device ignores what is set.
