Windows Hello for Business - Biometrics

David Gorman · ‎Jan 05 2023

Hi all,

I disabled WHFB tenant wide, but created an Identity Protection configuration for it and applied it to one test machine. That works fine.

Reading the documentation here: https://learn.microsoft.com/en-us/mem/intune/protect/identity-protection-windows-settings , it states if I leave Allow Biometrics to "Not Configured"

Not configured (default) - Windows Hello for Business prevents biometric authentication (for all account types).

It will prevent biometrics. This doesn't appear to be the case as my test laptop is prompting for fingerprint enrollment during the WHFB setup.

Is the documentation wrong? Is there anyway I can disable biometrics for a device or group of devices?

defaultuser007 · ‎Jan 27 2023

Hi,
We are using Account Protection profile for WH4B and it does not work like that (does not disable biometrics if it is not configured). I will switch WH4B settings from Account Protection in Endpoint Security to Identity Protection in Configuration Profiles and will let you know if I have the same result.
I'm running this simple script to disable biometrics:

$Registry = "HKLM\SOFTWARE\Policies\Microsoft\Biometrics"
if (!(Test-Path $Registry))
{
New-Item -Path "HKLM\SOFTWARE\Policies\Microsoft\Biometrics" -Force
}
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics" /v Enabled /t REG_DWORD /d 0 /f

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Windows Hello for Business - Biometrics

Windows Hello for Business - Biometrics

Re: Windows Hello for Business - Biometrics