11-18-2020 02:10 AM
11-18-2020 02:10 AM
I have a problem in Microsoft Intune, i cant disable the default Policy That enable Windows Hello for Business.
11-18-2020 02:24 AM - edited 11-18-2020 03:12 AM
sadly the attached picture is not loading for me, so I can't comment on this, but in general as long as you are Intune Administrator you should have the option to modify the global policy under Home > Devices > Enroll Devices > Windows Enrollment > Windows Hello for Business (see attachment WHfB.png), just set it to Disabled (compare second screenshot WHfB2.png).
BTW, there is also an option to create a dedicated configuration profile to control this. So instead of modifying the global policy, you can leave it to "not configured" and create the Identity Protection configuration profile for Windows 10 and set the value there to disable (compare screenshot WHfBviaConfigProfile.png)
11-18-2020 05:11 AM
@Oliver Kieselbach Thanks for your reply.
The problem is with the default strategy, it is activated when I want to set it to unconfigured, nothing happens and the save button is greyed out.
I know very well that normally I must have the authorizations to modify it.
There is no policy configured in the Identity Protection section.
I have attached again the screen shot
11-18-2020 05:27 AM
This is not a normal behavior, I checked two tenants for you and I'm able to set it to "not configured" and I can save this successfully. You should have the same experience.
Maybe try a different browser? I used latest Edge (Chromium bsed).
Verify your credentials once again, use a Global Admin just to be sure.
11-18-2020 06:04 AM
11-18-2020 06:16 AM
I guess you are talking about the Global Administrator when you wrote General Administrator, there is no General Administrator. So, that's fine if you are Global Administrator... you really should be able to set this then. I guess you also don't have any PIM activated, when you wrote you assigned it to the role.
Did you try a simple thing like setting it to one of the values Enable -> Save, and next try setting it to Disable -> save... does it change somehow anything that you are maybe after these multiple savings able to set it to not configured?
If not, I guess you have to open a ticket, maybe it's a specific tenant problem then. I verified now in 3 tenants and can set it in all of them to not configured without any issues. The UI behaves always normally.
11-24-2020 06:52 AM
@Oliver Kieselbach Hello Olivier,
thank's for your support.
I found the solution, the problem came from the MDM authority declared in Microsoft Endpoint Manager, I saw that it was on Microsoft 365 MDM and I switched it to Microsoft Intune and it works.