Forum Discussion
How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?
You are missing some critical steps to make use of WhFB. Rather than setting up a complicated PKI infrastructure, I recommend configuring Cloud Trust, especially when your devices are Azure AD joined only. Many articles and blogs are available on configuring a Windows Hello for Business Cloud Trust. This would also enable you to access network drives and shares with WhFB. I hope this helps!
BilalelHadd Thank you. I did not set up a PKI infrastructure.
I followed all the steps described here: "Windows Hello for Business Deployment Overview | Microsoft Learn" and "Windows Hello for Business Deployment Prerequisite Overview | Microsoft Learn".
Which information is missing there? Can you point me to those articles and blogs?
- BilalelHadd, Nov 24, 2022, Iron Contributor
Of course. Visit the following link:
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
It should point you in the right direction. Following these steps requires no PKI infrastructure.
- Kiril, Nov 24, 2022, Iron Contributor
The link you provided is about "Hybrid cloud Kerberos trust deployment". We are not in a hybrid scenario, nor do we have an Active Directory (on-prem). As mentioned before, the right deployment guide is "Azure Active Directory join cloud only deployment | Microsoft Learn".
"When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed."
- BilalelHadd, Nov 24, 2022, Iron Contributor
You're completely correct regarding the link that I've shared.
Did you also think of the apps and services that need to authenticate (with SSO, e.g.)? Password-less goes further than only logging in with strong authentication.
For accessing legacy apps and services, I would recommend the Hybrid Cloud Trust. If you are sure that all apps and services are SSO compatible, then you should be fine.
Could you share a screenshot with the configuration profile you've created for WhFB?