WHFB

2 Topics

WHfB prompting for password at first login
Hi All, I can't seem to get these Intune policies correct for WHfB (Windows Hello for Business) I want WHfB active using a pin for a customer. I have a test VM setup and registered with WHfB correctly. When you first power on the machine and login, there is no prompt for a pin, only the M365 password. Once logged in, I can lock, or log off and I am prompted with the PIN login. I restart the VM and I am pack to having to use a password for the initial login. I have WHfB setup in the following areas Endpoint security | Account protection (Assigned to All devices and All users) Use Windows Hello for Business (Device) - True Use Windows Hello for Business (User) - True (tried without this first) Minimum PIN length - 6 Devices | Enrollment Configure Windows Hello for Business - Enabled TPM - Preferred Minimum PIN length - 6 Allow biometric - Yes Allow phone sign-in - Yes Devices | Configuration (assigned to All users & All devices) Turn on convenience PIN sign-in - Enabled Minimum PIN Length (User) - 6 Use Windows Hello For Business (User) - True Use Remote Passport - Enabled Allow Use of Biometrics - True I know there is quite some double up having this configured at all possible levels. I started with Device enrollment and a configuration profile, and then moved to Account protection. I'm currently going round in circles trying to work out why the initial login isn't prompting for a PIN. (I also built a new VM and it's doing the same thing). Although, first reboot it worked fine from memory. Thanks in advance Guru's
Solved
PaulM1405
Aug 30, 2024 Place Microsoft Intune
752Views
0likes
3Comments
Windows Hello for Business - Biometrics
Hi all, I disabled WHFB tenant wide, but created an Identity Protection configuration for it and applied it to one test machine. That works fine. Reading the documentation here: https://learn.microsoft.com/en-us/mem/intune/protect/identity-protection-windows-settings , it states if I leave Allow Biometrics to "Not Configured" Not configured (default) - Windows Hello for Business prevents biometric authentication (for all account types). It will prevent biometrics. This doesn't appear to be the case as my test laptop is prompting for fingerprint enrollment during the WHFB setup. Is the documentation wrong? Is there anyway I can disable biometrics for a device or group of devices?
DaithiG
Jan 27, 2023 Place Microsoft Intune
1.8KViews
0likes
1Comment