Forum Discussion
Disable Windows Hello for Business
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?
7 Replies
I agree with mates about checking enrollment or configuration policies.
Do you use security Baselines? It could be coming from there as well.
Moe
I am having a similar issue here.
New Intune setup, and Windows Hello set to Disabled.
Seems to happen if I change the primary user - the first time the new user logs in, they get prompted to set up Windows Hello. It does allow it to be skipped / cancelled, but doesn't look good and I am concerned in case it reappears.
Anyone have any suggestions?
Thanks
Joshua Dolecal as mentioned also at: https://techcommunity.microsoft.com/t5/azure/disable-quot-windows-hello-quot/m-p/143151#
It can be done if you have Intune licenses.
If you haven't any, I suggest the workaround as followingFirst Setup a Intune trial
https://docs.microsoft.com/en-us/intune/fundamentals/free-trial-sign-up#sign-up-for-a-microsoft-intune-free-trialassigning one license to a random user, so we gain access to the Intune portal
https://devicemanagement.microsoft.com/Go to Devices > Windows > Windows Device enrollment
https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/windowsEnrollmentClick on Windows Hello for Business and at the bottom, at the "Configure Windows Hello for Business" select Disable, Apply
Please be advised to cancel the trial after completing this steps, so you will not be billed in the future.
Note: The Intune portal might change time to time, (design, arrangements )WHFB is disabled in the Windows Device Enrollment blade it might be worth checking to ensure you don't have any Identity protection policies configuration in device configuration policies which is enabling it for users.
The entire Windows development departments were and are still in their Augmented Reality where it is acceptable to code operating systems like banner ads, and come to the workplace under the influence of prohibited substances.
As a result, Hello for Business will also check your device every few hours to see if it can't already provision Hello for Business, because it checked a day ago, and was told it wasn't capable. I guess Hello for Business wants to say Hello to the Event Viewer and Error Reporting log too.
You have to have full Intune and not Intune for EDU. You need to make sure it is disabled in Intune on Azure portal. Some more details - https://social.msdn.microsoft.com/Forums/en-US/d212507c-55ea-49a3-971e-4dd19e0ea539/pin-required-for-azure-ad-join-of-devices-can-it-be-disabled-controlled
I keep getting an error on my logs about Azure, but I have never installed such a program. How is this program removed?
