Forum Discussion
How can I use "Windows Hello for Business" as passwordless sign-in on my laptop?
The link you provided is about "Hybrid cloud Kerberos trust deployment". We are not in a hybrid scenario, nor do we have an Active Directory (on-prem). As mentioned before, the right deployment guide is Azure Active Directory join cloud only deployment | Microsoft Learn.
"When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed."
Did you also think of the apps and services that need to authenticate (with SSO, e.g.)? Password-less goes further than only logging in with strong authentication.
For accessing legacy apps and services, I would recommend the Hybrid Cloud Trust. If you are sure that all apps and services are SSO compatible, then you should be fine.
Could you share a screenshot with the configuration profile you've created for WhFB?
Thank you. I will take a closer look at your recommendation and update the thread.
- Please make sure that the devices are AAD joined. When they are, ensure that the configuration profile, as shown in the screenshot, is assigned to the devices.
Regarding your question, It won't be registered as an authentication method if they haven't set up Windows Hello for Business.
Small reminder, as stated yesterday, the WhFB trust type only impacts how the device authenticates to on-premises AD. So don't forget to do your research. BilalelHadd , sure:
What is kind of strange, is that some users in our tenant are missing the Authentication method "Windows Hello for Business" in the User profile in Azure. Is there some way to re-join Azure in order to get the sign-in method?