07-24-2018 07:29 AM
07-24-2018 07:29 AM
In the release notes for build 17713, support was announced for logging into remote desktop sessions using biometrics via windows hello. I have a few questions I'm hoping someone can answer:
The way the blog post is worded, it's not clear whether the 'new' part of this is strictly related to biometrics, or if using Windows Hello to log into a remote desktop server is completely new. Was it previously possible to use Windows Hello with a PIN to log in to a remote desktop session? If so, is there any documentation on this available?
In the example used in the blog post, the Remote Desktop connection is from a Windows 10 client to a Windows Server 2016 server. Is Server 2016 required, or will this work with older server OS versions?
Does it matter which type of deployment (Key-Trust vs Certificate-Trust) is used for Windows Hello for business?
I've tried using this feature in my environment, to connect from a client running build 17713 to a Server 2016 server, but get an error "The client certificate does not contain a valid UPN. . . " (screenshot below)
Any idea what would cause that?
Have any Insiders out there been able to use this new feature successfully?
10-03-2018 10:58 AM
Did you ever figure this out? Just installed 1809 and ran into the same message.
10-03-2018 03:31 PMSolution
Although late, we have published information around WHfB with RDP :
01-07-2019 10:57 AM
This only pertains to certificate trust deployments and biometrics. Will WHFB work with rdp/rdweb while using a PIN?
01-25-2019 08:23 PM
I performed the steps in the guide after seeing this error and now WHFB has completely dissapeared as an option for RDP. Just traditional UPN or Domain\user logon are the only options. I would love to go password-less, but it seems there is still some refinement required.
02-04-2019 11:30 AM
It would be nice to actually get a reply to one question I ask on this forum.
02-04-2019 12:41 PM
RDP with Windows Hello for Business only works with certificate based deployments. Support for RDP with Windows Hello for Business PIN has been available for multiple releases. The changes in 1809 add support for biometric auth in addition to PIN.
02-04-2019 12:55 PM
04-17-2019 01:03 PM
06-03-2019 09:59 PM
06-04-2019 04:57 AM
06-12-2019 08:33 AM
06-12-2019 01:08 PM
@jurajt Nope, not as far as I know. If it was resolved, and key-trust worked with RDP, I would be chugging margaritas and dancing on tables.
06-12-2019 03:52 PM
Sadly it still hasn't been fixed, and there is still little information available. I'm engaging Microsoft under our Unified Support to better understand what's happening in this space.
06-12-2019 05:41 PM
06-12-2019 05:44 PM
I'd be happy with a registry key to disable/hide the PIN/Biometric login option from RDP while Microsoft work to make the Key Trust model work.