Forum Discussion
Rollout Windows Hello for Business
- Oct 21, 2024
How can I make the process: “However, by automating the removal of existing credentials and implementing MFA, the migration process will be smoother.”?
I was thinking of a way via destructive PIN reset and TAP. Here I can define a time period in which the PIN must be reset. The TAP must be used for the PIN reset.
How can I switch between non-destructive and destructive PIN reset?
StefanKi To make the migration smoother, you can use a PowerShell script distributed through Intune to perform a destructive PIN reset. This will remove existing credentials, forcing users to configure the PIN again. It is also useful to configure Temporary Access Pass (TAP) in Azure AD, which will allow users without MFA to securely reset the PIN. In addition, implementing compliance and conditional access policies will ensure that the PIN reset is completed within a set time interval, requiring the use of MFA or TAP. In this way, you will ensure that old credentials are removed and that all users are guided through a secure process for setting up Windows Hello for Business.
- StefanKi, Oct 21, 2024, Iron Contributor
micheleariis Thank you for your awesome support.
That's a very good idea. That way I can simplify the rollout for the user.
1) Create a TAP for the user
2) Provide script (store - then the user can set the time, in a time frame, himself)
3) After the restart, the user can perform a PIN reset on the start page
- micheleariis, Oct 21, 2024, MCT
StefanKi Well, I'm glad I could help you 🙂
Bye-bye
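The thread does not show the script itself. The following is an added example, not code from either poster, of what a one-time destructive reset script for Intune could look like. It assumes the script runs in the signed-in user's context (the Hello container is per user) and that the container is removed with `certutil.exe -DeleteHelloContainer`; the marker path is a hypothetical choice, and creating the TAP is out of scope here.

```powershell
# Added example: one-time destructive Windows Hello for Business reset.
# Assumption: runs as the signed-in user, not SYSTEM.
$ErrorActionPreference = 'Stop'

# Hypothetical marker file so the reset runs only once per user profile.
$marker = Join-Path $env:LOCALAPPDATA 'WHfBReset\reset-done.txt'

function Get-NgcState {
    # dsregcmd /status reports "NgcSet : YES" when the user has a Hello credential.
    $line = dsregcmd.exe /status | Select-String -Pattern '^\s*NgcSet\s*:\s*(\w+)'
    if ($line) { return $line.Matches[0].Groups[1].Value.ToUpper() }
    return 'UNKNOWN'
}

if (Test-Path $marker) {
    Write-Output 'Reset already performed for this profile; nothing to do.'
    exit 0
}

$before = Get-NgcState
Write-Output "NgcSet before reset: $before"

switch ($before) {
    'YES' {
        # Deletes the current user's Hello container, including the PIN and its keys.
        certutil.exe -DeleteHelloContainer | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Output "certutil exited with code $LASTEXITCODE; container not removed."
            exit 1
        }
    }
    'NO' { Write-Output 'No Hello credential present; only recording the marker.' }
    default {
        # State could not be read (for example, device not joined): fail so Intune reports it.
        Write-Output 'Could not determine NgcSet; no changes made.'
        exit 1
    }
}

New-Item -ItemType Directory -Path (Split-Path $marker) -Force | Out-Null
"$(Get-Date -Format o) NgcSet before reset: $before" | Set-Content -Path $marker
Write-Output 'Done. The user enrolls again at the next sign-in if Hello enrollment is enabled by policy.'
exit 0
```

A non-zero exit code lets Intune report the device as failed, so profiles where the old credential was not removed can be followed up before the conditional access deadline.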