Forum Discussion
Rollout Windows hello for Business
StefanKi To make the migration smoother, you can use a PowerShell script distributed through Intune to perform a destructive PIN reset. This will remove existing credentials, forcing users to configure the PIN again. It is also useful to configure Temporary Access Pass (TPA) in Azure AD, which will allow users without MFA to securely reset the PIN. In addition, implementing compliance and conditional access policies will ensure that the PIN reset is completed within a set time interval, requiring the use of MFA or TPA. In this way, you will ensure that old credentials are removed and that all users are guided through a secure process for setting up Windows Hello for Business.
StefanKi To make the migration smoother, you can use a PowerShell script distributed through Intune to perform a destructive PIN reset. This will remove existing credentials, forcing users to configure the PIN again. It is also useful to configure Temporary Access Pass (TPA) in Azure AD, which will allow users without MFA to securely reset the PIN. In addition, implementing compliance and conditional access policies will ensure that the PIN reset is completed within a set time interval, requiring the use of MFA or TPA. In this way, you will ensure that old credentials are removed and that all users are guided through a secure process for setting up Windows Hello for Business.
micheleariis Thank you for your awesome support.
That's a very good idea. That way I can simplify the rollout for the user.
1) Create a TAP for the user
2) Provide script (store - then the user can set the time, in a time frame, himself)
3) After the restart, the user can perform a pin reset on the start page
StefanKi Well, I'm glad I could help you 🙂
Bye-bye