Windows Hello for Business replaces a traditional password when signing into your workstation with stronger two-factor authentication: one factor is some kind of local gesture such as a PIN, fingerprint or facial recognition, and the other is a key or certificate that is bound to the device itself.

When you do as you're supposed to, and join PCs to Azure AD rather than a local / legacy Active Directory, Windows Hello for Business is set up for you auto-magically. No special infrastructure or certificates, no federated services or other junk. This is on by default for Microsoft 365 subscriptions that include Intune. So when a computer is joined to Azure AD and enrolled for MDM, one of the first things that a new user will be prompted to do is set up their Hello PIN on their Windows 10 device. If you go look in the Intune portal, you will find some settings for controlling Windows Hello for Business under Device enrollment > Windows enrollment > Windows Hello for Business.

The same thing will happen for facial recognition or fingerprint. The reason is that Windows Hello for Business is disabled by default on domain-joined computers.

If you want to set up Windows Hello for Business in a hybrid environment, there is a whole bunch of technical stuff required before it's ready to rock. There are actually two different methods for configuring Windows Hello for Business in a hybrid environment:
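To see which of the cases described above a given machine falls into, the following PowerShell (an added example, not part of the original post) parses `dsregcmd /status` for the join state and whether a Hello key is provisioned, and reads the Group Policy value for "Use Windows Hello for Business". The function name `Get-WhfbState` is hypothetical, and the script assumes policy delivered by Group Policy; policy delivered by Intune/MDM is stored elsewhere and is not checked here.

```powershell
# Added example: report join state and Windows Hello for Business (WHfB) status.
# Get-WhfbState is a hypothetical helper name, not a built-in cmdlet.
function Get-WhfbState {
    # Pass saved `dsregcmd /status` output as -Text to analyse it offline.
    param([string[]]$Text = (dsregcmd.exe /status))

    # dsregcmd prints indented "Name : Value" pairs; collect them by name.
    $kv = @{}
    foreach ($line in $Text) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(\S.*?)\s*$') {
            $kv[$Matches[1]] = $Matches[2]
        }
    }
    $aad    = $kv['AzureAdJoined'] -eq 'YES'
    $domain = $kv['DomainJoined']  -eq 'YES'

    $joinType = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
                elseif ($aad)          { 'Azure AD joined' }
                elseif ($domain)       { 'Domain joined (on-premises only)' }
                else                   { 'Not joined' }

    # Group Policy "Use Windows Hello for Business" (assumption: GPO-delivered).
    # This value is always read from the local machine, even when -Text is given.
    $gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    $gpo = (Get-ItemProperty -Path $gpoKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $policy = if ($null -eq $gpo) { 'NotConfigured' }
              elseif ($gpo -eq 1) { 'Enabled' }
              else                { 'Disabled' }

    [pscustomobject]@{
        JoinType    = $joinType
        HelloKeySet = $kv['NgcSet'] -eq 'YES'   # user has provisioned a Hello credential
        GpoPolicy   = $policy
    }
}

# Constructed sample lines (not captured from a real machine):
$sample = @(
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '                    NgcSet : NO'
)
Get-WhfbState -Text $sample   # JoinType is 'Hybrid Azure AD joined', HelloKeySet is False
Get-WhfbState                 # live check of the current machine
```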