Intune - disable Windows Hello

Copper Contributor

I have a goal: 

1. Disable Windows Hello for Business without impacting current users on EntraID via Intune,
2. Configure password sync on the Okta site and Entra ID and MDM device

What could be the way to disable PIN (for onboarded devices) and switch only to a password on endpoints? the password must be synchronized with Okta in both directions.

Thank you,

3 Replies

@golovasheveo 

To disable Windows Hello for Business (WHfB) while ensuring that current users are not impacted, you need to configure a policy in Intune that targets only the new or unenrolled devices. Targeting Windows 10 and later while setting Configure Windows Hello for Business is Disabled. Assign this profile to a group that includes the new or specific devices you want to target. Avoid assigning this policy to the group that contains current users/devices using WHfB. 

Thank you