manage Interactive logon & Windows Hello multi-factor unlock

Contributor

Hi everyone,

 

We're going step by step on the passwordless strategy from Microsoft. Windows Hello multi-factor unlock is deployed in a Pilot Group but now I have two questions, which I hope someone here can answer.

 

Question 1: disable Windows Hello multi-factor unlock

Managed to enable WHMFU over custom OMA-URI Settings. But how can I disable it again? I tried it with a second custom OMA-URI Settings configuration profile which is configured as follows:

 

 preuley30_0-1666856489634.png

 

It works, but it seems, that it isn't disabled correctly. Sometimes I still get a message in the logon process which says something like "additional factor needs to verify" but it displays very quickly, and I verified that I can log on with only one factor again. Disabling the second unlock factor is configured like this as well.

 

Question 2: Enable "Interactive logon: Require Windows Hello for Business or smart card"

We want to enable this security option. However, Intune doesn't offer to manage this setting. So, I think that I must enable this over a custom OMA-URI Setting too or PowerShell script. How can I achieve this?

 

preuley30_0-1666857101048.png

 

Thanks so much for any support <3

0 Replies