Jan 05 2023 12:57 AM
Hi all,
I disabled WHFB tenant wide, but created an Identity Protection configuration for it and applied it to one test machine. That works fine.
Reading the documentation here: https://learn.microsoft.com/en-us/mem/intune/protect/identity-protection-windows-settings , it states that if I leave Allow Biometrics set to "Not Configured", it will prevent biometrics. This doesn't appear to be the case, as my test laptop is prompting for fingerprint enrollment during the WHFB setup.
Is the documentation wrong? Is there any way I can disable biometrics for a device or group of devices?
Jan 27 2023 08:22 AM
Hi,
We are using Account Protection profile for WH4B and it does not work like that (does not disable biometrics if it is not configured). I will switch WH4B settings from Account Protection in Endpoint Security to Identity Protection in Configuration Profiles and will let you know if I have the same result.
I'm running this simple script to disable biometrics:
$Registry = "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics"  # PowerShell registry paths need the HKLM: drive
if (!(Test-Path $Registry))
{
    New-Item -Path $Registry -Force
}
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics" /v Enabled /t REG_DWORD /d 0 /f  # Enabled = 0
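
A read-only check for the registry value the script above writes, added here as an example and not part of either post. The function name, the result fields and the state labels are hypothetical; only the key path and the Enabled value come from the thread.

```powershell
# Added example: audit the biometrics policy value set by the script above.
# Get-BiometricsPolicyState and its State labels are hypothetical names.
function Get-BiometricsPolicyState {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'
    )

    $result = [ordered]@{
        Path      = $Path
        KeyExists = $false
        Enabled   = $null            # raw registry value, $null when absent
        Kind      = $null            # registry value type, expected DWord
        State     = 'NotConfigured'  # key or value missing
    }

    if (Test-Path -LiteralPath $Path) {
        $result.KeyExists = $true
        $key = Get-Item -LiteralPath $Path
        # GetValue returns the supplied default ($null) when the value is missing
        $value = $key.GetValue('Enabled', $null)
        if ($null -ne $value) {
            $result.Enabled = $value
            $result.Kind    = $key.GetValueKind('Enabled')
            if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # e.g. the value was written as a string instead of REG_DWORD
                $result.State = 'WrongType'
            }
            elseif ($value -eq 0) {
                $result.State = 'Disabled'
            }
            else {
                $result.State = 'Enabled'
            }
        }
    }
    [pscustomobject]$result
}

$state = Get-BiometricsPolicyState
$state | Format-List
# Non-zero exit code when the value is anything other than DWORD 0, so a
# scheduled check or management tool can flag the device.
if ($state.State -eq 'Disabled') { exit 0 } else { exit 1 }
```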