Windows Hello hybrid key trust checking

%3CLINGO-SUB%20id%3D%22lingo-sub-2157055%22%20slang%3D%22en-US%22%3EWindows%20Hello%20hybrid%20key%20trust%20checking%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2157055%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Everyone%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20working%20with%20a%20client%20on%20a%20WHfB%20implementation%20using%20hybrid%20key%20trust%20deployment%20method.%20The%20customer%20has%20opted%20to%20use%20GPO%20as%20they%20not%20quite%20ready%20yet%20for%20Intune%20policies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20machines%20tested%20are%20using%201909%20of%20Windows%2010%20and%20are%20Hybrid%20joined%20which%20much%20of%20the%20policies%20being%20deployed%20using%20GPO%20however%20I%20noticed%20when%20the%20device%20is%20in%20MEM%20it%20has%20Intune%20workloads%20set%20for%20device%20configuration.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20this%20model%20can%20I%20ask%20if%20its%20ok%20to%20use%20GPO%20WHfB%20policies%20over%20Intune%20or%20would%20I%20need%20to%20use%20Intune%20policies%3F%20When%20reviewing%20the%20configuration%20it%20seems%20that%20it%20is%20applying%20the%20policies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Dsregcmd%20command%20shows%20the%20policy%20enabled%20as%20no%2C%20would%20I%20expect%20this%20if%20the%20policy%20is%20not%20delivered%20by%20Intune%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20I%20want%20to%20confirm%20that%20the%20machine%20is%20using%20WhFB%20rather%20than%20just%20regular%20Windows%20Hello.%20Is%20there%20a%20way%20I%20can%20confirm%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20in%20advance%20for%20advice%20on%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2157055%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

Hi Everyone

 

I am working with a client on a WHfB implementation using hybrid key trust deployment method. The customer has opted to use GPO as they not quite ready yet for Intune policies.

 

The machines tested are using 1909 of Windows 10 and are Hybrid joined which much of the policies being deployed using GPO however I noticed when the device is in MEM it has Intune workloads set for device configuration. 

 

With this model can I ask if its ok to use GPO WHfB policies over Intune or would I need to use Intune policies? When reviewing the configuration it seems that it is applying the policies.

 

The Dsregcmd command shows the policy enabled as no, would I expect this if the policy is not delivered by Intune?

 

Also I want to confirm that the machine is using WhFB rather than just regular Windows Hello. Is there a way I can confirm this?

 

Many thanks in advance for advice on this.

 

 

0 Replies