Forum Discussion
How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?
BilalelHadd Thank you. I did not set up a PKI infrastructure.
I followed all the steps described here: Windows Hello for Business Deployment Overview | Microsoft Learn and Windows Hello for Business Deployment Prerequisite Overview | Microsoft Learn.
Which information is missing there? Can you point me to those articles and blogs?
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
It should point you in the right direction. Following these steps requires no PKI infrastructure.
The link you provided is about "Hybrid cloud Kerberos trust deployment". We are not in a hybrid scenario, nor do we have an Active Directory (on-prem). As mentioned before, the right deployment guide is Azure Active Directory join cloud only deployment | Microsoft Learn.
"When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed."
- You're completely correct regarding the link that I've shared.
Did you also think of the apps and services that need to authenticate (with SSO, e.g.)? Password-less goes further than only logging in with strong authentication.
For accessing legacy apps and services, I would recommend the Hybrid Cloud Trust. If you are sure that all apps and services are SSO compatible, then you should be fine.
Could you share a screenshot with the configuration profile you've created for WhFB?BilalelHadd , sure:
What is kind of strange, is that some users in our tenant are missing the Authentication method "Windows Hello for Business" in the User profile in Azure. Is there some way to re-join Azure in order to get the sign-in method?