Forum Discussion
AndrewManning
May 21, 2020 Copper Contributor
Windows Hello enforces 2FA
In a school environment we want to use Windows Hello. If I disable it, all users can sign into AzureAD managed devices easily. However, they cannot enable Windows Hello (face). If I enable Win...
AndrewManning
May 23, 2020 Copper Contributor
In the Device Restriction profile there is one called "Windows Hello device authentication" (it does not mention Business).
I wonder if this would allow it?
I would need to do some testing first.
Thijs Lecomte
May 23, 2020 Bronze Contributor
I checked the docs, this doesn't do what you desire:
Windows Hello device authentication: Allow users to use a Windows Hello companion device, such as a phone, fitness band, or IoT device, to sign in to a Windows 10 computer. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might prevent Windows Hello companion devices from authenticating.
https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10