Forum Discussion

awaaziz's avatar
awaaziz
Copper Contributor
Nov 18, 2020

Can't Disable Default Windows Hello for Business Policy

Hello,   I have a problem in Microsoft Intune, i cant disable the default Policy That enable Windows Hello for Business.   Best regards
Intune
Oliver Kieselbach's avatar
Oliver Kieselbach
MVP
Nov 18, 2020

Hi awaaziz,

 

sadly the attached picture is not loading for me, so I can't comment on this, but in general as long as you are Intune Administrator you should have the option to modify the global policy under Home > Devices > Enroll Devices > Windows Enrollment > Windows Hello for Business (see attachment WHfB.png), just set it to Disabled (compare second screenshot WHfB2.png).

 

BTW, there is also an option to create a dedicated configuration profile to control this. So instead of modifying the global policy, you can leave it to "not configured" and create the Identity Protection configuration profile for Windows 10 and set the value there to disable (compare screenshot WHfBviaConfigProfile.png)

 

best,

Oliver

awaaziz's avatar
awaaziz
Copper Contributor
Nov 18, 2020

Oliver Kieselbach Thanks for your reply.

The problem is with the default strategy, it is activated when I want to set it to unconfigured, nothing happens and the save button is greyed out.

I know very well that normally I must have the authorizations to modify it.

There is no policy configured in the Identity Protection section.

 

I have attached again the screen shot

  • Oliver Kieselbach's avatar
    Oliver Kieselbach
    MVP
    Nov 18, 2020

    awaaziz 

     

    This is not a normal behavior, I checked two tenants for you and I'm able to set it to "not configured" and I can save this successfully. You should have the same experience.

     

     

    Maybe try a different browser? I used latest Edge (Chromium bsed).

    Verify your credentials once again, use a Global Admin just to be sure.

     

    best,

    Oliver

    • awaaziz's avatar
      awaaziz
      Copper Contributor
      Nov 18, 2020
      I have created an account in the cloud and I assign the role of General Administrator to it and always the same problem

      I have tested other Edge Firefox browsers and still have the same problem.
      • Oliver Kieselbach's avatar
        Oliver Kieselbach
        MVP
        Nov 18, 2020

        Hi awaaziz,

         

        I guess you are talking about the Global Administrator when you wrote General Administrator, there is no General Administrator. So, that's fine if you are Global Administrator... you really should be able to set this then. I guess you also don't have any PIM activated, when you wrote you assigned it to the role. 

         

        Did you try a simple thing like setting it to one of the values Enable -> Save, and next try setting it to Disable -> save... does it change somehow anything that you are maybe after these multiple savings able to set it to not configured?

         

        If not, I guess you have to open a ticket, maybe it's a specific tenant problem then. I verified now in 3 tenants and can set it in all of them to not configured without any issues. The UI behaves always normally.

         

        best,

        Oliver 

Resources