Is it possible to enable Windows Hello directly on an Azure VM running Windows with vTPM enabled?


We've tried creating Windows VMs on Azure to test out using Windows Hello as a WebAuthn platform authenticator _on the VM itself_ - this is to create a machine-bound credential for running RPA processes.

However, despite creating a trusted VM and making sure it has a vTPM, we aren't able to enable Windows Hello on the VM itself, and therefore cannot present the VM as a platform authenticator to WebAuthn.

Is this actually possible?

3 Replies

Yes, this is possible. You will need to do this via Azure Virtual Desktop and configure it to authenticate against Azure AD using Windows Hello. The authentication token should then also be present inside the VM. See here - https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/announcing-public-preview-of-sso-a...

Note this is in public preview.

Is it possible on a non-domain-joined virtual desktop? So just Windows Hello enabled to allow the desktop to act as a platform authenticator for other WebAuthn-enabled applications (not AAD)?