How to configure Windows Hello Face to let me in?

Copper Contributor

I'm playing around with Microsoft Intune and noticed some weird things.

I have created a Device Configuration profile > Endpoint protectionLocal device security option for Elevation prompt for standard user > Prompt for credentials on the secure desktop, but usually, in the morning this stops working and when I'm trying to run let's say cmd as admin I can't because getting application blocked by your administrator.

The second thing I have no idea is how but I'm not able to turn on Windows Hello Face, on the login screen Windows Hello Faces recognizes me, but I still, need to enter the pin. I can't find where could this be configured. There was a setting for forcing users to input their password after sleep after I tested this setting I turned it off and since that moment I can't bring Intune to allow logging only with windows Hello face.

And every time after restart I need to log in with the usual credential email and password, window does not remember the last logged user.
Maybe someone can give me tip?


3 Replies
How are you configuring Windows Hello for Business? Are the devices HAADJ or AADJ?
After Window Hello stopped working I just enabled it from Device > Enrolment.
Devices AADJ.
That is a tenant wide setting and will work during enrollment through oobe. Use device restriction identity protection profile or account protection profile under endpoint security.