Windows Hello for Business implementation

Brass Contributor


For a couple of days now we've introduced Windows Hello for Business (WHfB) to a subset of test devices from within Intune. Everything works as expected except for one thing I guess:


When someone tries to logon with a non-enterprise account (eg. in Teams, and/or Onedrive, the machine is prompting to authenticate with WHfB. Am I missing something? Why is this happening and how can we prevent this?


Any thoughts are welcome.

8 Replies
I guess that's just Windows Hello for Business trying to be nice for you :) If you login to a client using Windows Hello for Business, it defaults to that when getting prompted for credentials. You can select other options and then enter a username/password right?

Not sure if you can but what I'm more interested in is, why is this happening for personal accounts and how can we prevent this?

Hi Jordi,

Is the Config Profile scoped for Devices? If yes, I would scope it for users.
Are the non enterprise accounts guest in your tenant? I would also unlink it from Email accounts under Accounts- Setting.

Let’s us know how it goes!


We are using the Settings catalog and basically used all the Windows Hello settings available which is already scoped to users, the enterprise accounts are not guests. See the below snippet from my environment:



The issue shows up in the non-work Teams app. 

I'm not sure what you mean by "unlink it from Email accounts". Can you elaborate?


Yes unlink them, is it possible to change from Catalog Setting to Regular Template Profile- Identity Protection for testing?


Unlinked it and tried the Regular Template Profile- Identity Protection: same issue.



Try disabling this setting and give another try-