Emulating windows hello cred from physical box

Brass Contributor

I have azure-ad joined windows 10 VM in Azure

I want to unlock the VM from the VM's login-shell  (not want to provide creds on the RDP-client)  with the Windows Hello Credential stored on the physical Azure AD join device.

Is it a viable flow technically?


In other words,  what I want to validate is, 


I have a physical AAD-joined win10 device where I have enrolled Windows Hello

I want to use this WHfB credential while unlocking one Win 10 VM in Azure that I already RDP  into from this physical device.


So I am staring at the std. window's login screen  of  VM where I can put my password.

However, I do not want to feed password.

Instead I want to login with  WHfB-cred stored in the physical box.

We know we have  WebAuthn redirection  by  redirectwebauthn:i:1


Can we  use this RDP-property ?




2 Replies


Hello! You've posted your question in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Microsoft Entra space - please post Microsoft Entra questions here in the future. 

@testuser7 From how I understand The Documentation this would be possible if the Server is Server 2022 and you use Windows Hello for Business Certificate Trust - however I have not tested this before and WHfB Cert Trust is a little much for a quick test.