Configure Windows Hello for Business With Intune

This Microsoft Intune blog post will show how to configure Windows Hello for Business with Intune.

Windows Hello for Business is a two-factor authentication for PCs and mobile devices. It uses standard credentials and a second factor that uses a PIN or a biometric authentication type.

Microsoft Intune allows us to configure Hello as a device configuration profile or an enrollment policy. This post will use a device configuration because it gives admins more flexibility.

With Hello for Business, we can set up PIN length and complexity, TPM and biometric settings.

Windows Hello for Business is a security feature introduced by Microsoft in Windows 10 operating system. It provides a secure and password-less experience for authenticating users to their devices, apps, and online services. Windows Hello for Business uses biometric authentication technologies such as facial recognition, fingerprint recognition, and iris recognition to verify the identity of the user. By using biometrics, Windows Hello for Business eliminates the need for users to remember complex passwords or use weak and easy-to-guess passwords, which are often the weakest link in enterprise security.

Windows Hello for Business also uses a public key infrastructure (PKI) to securely store and manage user credentials and protect them against attacks such as replay, man-in-the-middle, and phishing.

PKI ensures that only authorized users can access the authentication tokens and that these tokens are valid and not tampered with. Windows Hello for Business also supports multi-factor authentication (MFA), which adds an extra layer of security by requiring users to provide additional authentication factors such as a PIN or a security key. In summary, Windows Hello for Business provides a strong and convenient authentication solution that enhances security, productivity, and user experience in the enterprise.

Configure Windows Hello for Business With Intune

To get started, Create a Windows configuration profile

In the policy type, select Identity protection

In the Configure Windows Hello for Business, choose Enable.

As you can see in the screenshot below, Intune allows us to customise every possible setting of Hello and apply it to devices.

To apply the configuration policy to devices, select a group from the Assignment tab and save the policy.

Watch the YouTube version of this video

Related Articles

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.