Jul 19 2023 06:40 AM
We have WHFB enabled through the Intune policy for all devices.
We're having issues on recently added hybrid-joined devices: they get errors when using Hello authentication methods because we don't have any certificate infrastructure.
I can disable WHFB through a configuration profile for all hybrid-joined devices and that works well, but those devices now can't use their fingerprint readers and are forced to use password authentication.
Before the hybrid join, they had local Windows Hello authentication methods like fingerprint or face unlock configured, and this configuration now seems to be gone and can't be re-enabled. The Windows settings say that the organisation has disabled Windows Hello.
Is there a way to disable our global WHFB policy for our hybrid-joined devices but allow them to use local/personal Windows Hello authentication methods?
Jul 19 2023 07:34 AM
Jul 19 2023 10:48 AM - edited Jul 19 2023 11:00 AM
Just tried enabling convenience PIN through Intune and through GPO; both won't work. I guess the WHFB disable by Intune has higher priority.
EDIT: Just found out that in fact, as soon as WHFB is set to enabled or disabled at some point, that always overwrites convenience PIN. Now I'm trying to narrow the current global scope of WHFB.
Jul 19 2023 10:58 AM