01-09-2018 09:46 AM
01-09-2018 09:46 AM
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?
01-11-2018 12:54 PM
05-31-2018 04:17 AM
users signing on with a PIN are blocked from accessing local SMB shares like on NAS devices with simple username/password logins
until MS fix this problem, Windows Hello has to be disabled if you use local file storage in this way (we use a NAS for backing up local systems)
11-29-2018 01:18 AM
03-13-2019 06:16 AM
You can disable Windows Hello from Windows Enrollment in Intune, but you cant disable PIN after enrollment.
I have suggested this to be fixed, and please vote for my suggestion at Microsoft
04-01-2019 03:17 AM
@Anders Eide To add to the SMB issue, PC's setup with Windows Hello during Windows setup complain that they have no local administrator account during recovery - meaning they can't be recovered.
The idea is solid, but as with virtually all of the recent 365 'improvements' turned on by default (clutter, focussed inbox etc) they're being foisted on users that don't need them, they are tricky if not impossible to remove, and just generate support issues needlessly.
01-08-2020 06:56 AM - edited 01-08-2020 06:58 AM
I also strongly recomend disabling it for now. But it is possible to use hello and a local nas although it is not recomended... you need to change login alternative and choose other user and log in by that was but it is much more inconvinient than just not using Hello.
01-08-2020 07:03 AM
@ErikROsberg There is no need for extra local accounts if you use a NAS. Just make a network connection to your NAS and save it as you connect. That way the credentials will be stored in the Windows Credential Manager (press "start" and type "credential manager" to launch it). You can then easily logon to windows using Windows Hello and the link to your NAS will just work on the basis of your stored password.
01-22-2020 12:42 PM - edited 01-22-2020 12:44 PM
@James King This is definitely still happening. Any network drive will not be able to be accessed if using Windows Hello. It will say "A specified logon session does not exist. It may have already been terminated."
* I have tried just about everything on the the forums regarding Groupedit, Advanced Network Permissions & Settings to no avail.
I run IT for office with 10+ users accessing a server.
02-07-2020 10:27 AM
It can be done if you have Intune licenses.
If you haven't any, I suggest the workaround as following
First Setup a Intune trial
assigning one license to a random user, so we gain access to the Intune portal
Go to Devices > Windows > Windows Device enrollment
Click on Windows Hello for Business and at the bottom, at the "Configure Windows Hello for Business" select Disable, Apply
Please be advised to cancel the trial after completing this steps, so you will not be billed in the future.
Note: The Intune portal might change time to time, (design, arrangements )