Jun 30 2024 01:00 AM
I have a goal:
1. Disable Windows Hello for Business without impacting current users on EntraID via Intune,
2. Configure password sync on the Okta site and Entra ID and MDM device
What could be the way to disable PIN (for onboarded devices) and switch only to a password on endpoints? the password must be synchronized with Okta in both directions.
Thank you,
Jul 02 2024 11:56 AM
To disable Windows Hello for Business (WHfB) while ensuring that current users are not impacted, you need to configure a policy in Intune that targets only the new or unenrolled devices. Targeting Windows 10 and later while setting Configure Windows Hello for Business is Disabled. Assign this profile to a group that includes the new or specific devices you want to target. Avoid assigning this policy to the group that contains current users/devices using WHfB.
Jul 02 2024 01:29 PM
Worth to take a look at this: