Disable Windows Hello for Business using Intune – Comprehensive Guide

In this article, I will show you how to disable Windows Hello for Business using Intune. You can now use Intune to disable the “Your organization requires Windows Hello” or “Use Windows Hello with your account” prompt during Autopilot OOBE and get rid of WHfB permanently.

Windows Hello is a biometric device unlocking function that works with fingerprints or facial recognition. Microsoft Intune can be used to administer Windows Hello, and it is accessible on Windows 10 and Windows 11. A more secure approach to sign in to devices is with Windows Hello.

With Microsoft Intune, you can set up a tenant-wide policy that instructs Windows 10 or Windows 11 devices to use Windows Hello for Business when they enrol with Intune. This policy targets your entire organization and supports the Windows Autopilot out-of-box-experience (OOBE).

If you choose not to configure a tenant-wide policy for Windows Hello for Business, you can use a device configuration Identity protection profile to configure groups of devices for Windows Hello. Organizations that don’t use Intune can make use of Group policy to disable Windows Hello. If you are looking to disable Windows Hello for Business using Intune, this post is for you.


https://forum.berlcoin.fr/viewtopic.php?p=44699

https://forum.berlcoin.fr/viewtopic.php?p=49079

https://forum.berlcoin.fr/viewtopic.php?p=37324

https://forum.berlcoin.fr/viewtopic.php?p=29155

https://worldbattlingent.com/showthread.php?tid=7390

http://huayang.eu.org/viewthread.php?tid=3176&extra=page%3D1

http://huayang.eu.org/viewthread.php?tid=3152&extra=page%3D1

http://huayang.eu.org/viewthread.php?tid=3499&extra=page%3D1

http://huayang.eu.org/viewthread.php?tid=3425&extra=page%3D1

http://forumgobelin.free.fr/viewtopic.php?p=413

http://forumgobelin.free.fr/viewtopic.php?p=459

http://forumgobelin.free.fr/viewtopic.php?p=641

https://ifutures.pl/paradigm-gocad-skua-2022-t48654.html

https://ifutures.pl/erdas-imagine-2023-t48794.html

http://thegunroomforum.com/viewtopic.php?t=12388

http://thegunroomforum.com/viewtopic.php?t=13195

http://thegunroomforum.com/viewtopic.php?t=488

http://thegunroomforum.com/viewtopic.php?t=653

http://thegunroomforum.com/viewtopic.php?t=3563

http://extremesaver.co.uk/viewtopic.php?t=923


Why disable Windows Hello for Business?


Although Windows hello is a great feature, not everyone needs it. Not all organizations prefer to use Windows hello because it requires tow-factor authentication instead of passwords. When you assign a new laptop to your employees provisioned by Autopilot, the Windows Hello appears during the OOBE.


Your organization requires Windows Hello during Autopilot OOBE


The below screenshot is an example of the Windows Hello screen appearing on the laptop provisioned with Autopilot during the OOBE. With Windows Hello for business enabled during user-driven Autopilot, you see the window with the following message:

Use Windows Hello with your account. Your organization requires you to set up your work or school account with Windows Hello Face, Fingerprint, or PIN. If you have already set up Windows Hello on this device, we’ll automatically add it for this account. You may be asked to re-verify with Windows Hello. If your organization requires a more complex PIN, Windows will prompt you to change it.


Difference between Windows Hello and Windows Hello for Business


With Windows Hello, individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This configuration is referred to as Windows Hello convenience PIN, and it’s not backed by asymmetric (public/private key) or certificate-based authentication.

Whereas the Windows Hello for Business is configured by group policy or mobile device management (MDM) policy such as Intune, always uses key-based or certificate-based authentication. This behavior makes it more secure than Windows Hello convenience PIN.


http://www.extremesaver.co.uk/viewtopic.php?t=5

http://extremesaver.co.uk/viewtopic.php?t=837

http://www.extremesaver.co.uk/viewtopic.php?t=24

https://medtalk.info/viewtopic.php?t=8

https://medtalk.info/viewtopic.php?f=4&t=230

https://medtalk.info/viewtopic.php?t=3

https://medtalk.info/viewtopic.php?t=12

https://demo.projecthades.org/showthread.php?tid=231

https://revolutionmall.co.uk/forum/showthread.php?tid=19046

http://forum.icohaberleri.com/showthread.php?tid=1434

https://www.commandlinefu.com/commands/view/30748/loops-over-files-runs-a-command-dumps-output-to-a-file

http://molbiol.ru/forums/index.php?showtopic=743938

http://molbiol.ru/forums/index.php?showtopic=746956

https://wiki.hot-chilli.net/ftp/ftp-zugriff-auf-das-webverzeichnis


Ways to Turn off the Windows Hello for Business


Listed below are different ways to disable the Windows hello for business configuration in Intune


  1. Configure Windows Hello for Business from Windows Enrollment (Applies for entire tenant)
  2. Use Intune WHfB device configuration profile to disable Windows Hello for Business (Scoped method)
  3. Use Endpoint Security – Account Protection


I want to highlight an important point here. When you disable the Windows hello for business from Windows enrollment settings, the settings apply to the entire tenant and can’t be scoped. So use this method if you would like to remove the Hello for Business prompt during OOBE (for Autopilot as an example).


Disable Windows Hello for Business using Intune


You’ll need to be signed in with an Intune Administrator role. Perform the following steps to disable Windows Hello for Business using Intune:


  • Sign in to Microsoft Intune Admin Center.
  • Go to Devices > Windows > Windows Enrollment.
  • Under the General section, select Windows Hello for Business.


On the Windows hello for Business window, we see two options:


  • Configure Windows Hello for Business: Not Configured.
  • Use security keys for sign-in: Not Configured.


Next to the option “Configure Windows Hello for Business“, select the drop-down and select Disabled. When disabled, users can’t provision Windows Hello for Business.

The other options that you see are applicable when you enabled Configure Windows Hello for Business setting. Once you have made the above changes, select Save.


Configure Windows Hello for Business using Intune


Sometimes, even after disabling the Windows hello for business, users see the Windows Hello screen during the sign-in. If you are looking to disable Windows hello for business settings for a specific device group or user group and not for entire Intune tenant, you must create a configuration profile.

Perform the following steps to create a device configuration profile in Intune to configure Windows Hello for Business. First sign-in to the Intune Admin center. Select Devices > Configuration profiles > Create profile.


Comments

Post a Comment

Popular posts from this blog

Fix Intune Profile Installation Failed during macOS Enrollment

While enrolling the macOS in Intune, you may encounter a warning, “Profile Installation Failed“. Could not obtain the final profile using the Encrypted Profile Service. In this article, I will show you how to resolve this error and provide you with some troubleshooting steps. When you register macOS devices into Intune, you might end up with several enrollment errors. Thankfully, the Intune portal now shows the device enrollment failures right on the dashboard. This makes it easy to troubleshoot the device enrollment errors. I recently published a guide on enrolling macOS into Intune, where I covered the steps to enroll macOS devices into Intune using the company portal app. Microsoft Intune supports enrollment on personal and company-owned devices. Only when you enroll your macOS devices in Intune, you can manage them. https://www.openhelbreath.com/showthread.php?tid=1645 https://www.mcmon.ru/showthread.php?tid=12513 https://www.csoyuncu.net/showthread.php?tid=2319 https://test.tcz.x1
Read more

2 Best Solutions: Error Can’t Connect to Windows 365

In this article, I will show you how to resolve the error can’t connect to Windows 365. If you are unable to access your Cloud PC using the Windows 365 app, there are two ways to solve this issue. I normally connect to my Cloud PC using the Windows 365 app. Note that there are multiple ways to connect and access your Cloud PCs. For instance, you can connect to a cloud PC using the Windows 365 home page, the Windows 365 App, or the Microsoft Remote Desktop client. Cloud PCs are accessible to users only after you assign Windows 365 licenses to users. Note that you should also provision Windows 365 Cloud PCs that allow users to access them from any device. In my case, the provisioning policy in place for Cloud PCs and a valid license was assigned to the user. In some cases, when you attempt to connect to Cloud PC, there may be gateway errors or connection errors. Refer to the following guide on troubleshooting Cloud PC connection errors, where I have covered solutions for Cloud PC access
Read more

2 Easy Ways to Remove Insider Preview Evaluation Copy Watermark

I’ll show you how to remove insider preview evaluation copy watermark from your Windows desktop in this article. If you don’t want the evaluation copy watermark to appear on your desktop, you can remove it using multiple methods. If you have enrolled for the Windows Insider Preview program and have installed the insider preview build, you’ll notice a watermark in the lower-right corner of the desktop. The watermark reveals the build number of the Windows insider preview. The screenshot below shows the example of insider preview evaluation copy watermark from Windows desktop. This watermark appears on all the recent installations of Windows insider preview, and there are multiple methods such as registry, ease of access settings in control panel using which you can remove this watermark on the desktop. There are three proven ways to remove the Evaluation Copy watermark from the desktop of insider preview builds: https://test.tcz.x10.mx/mybb/showthread.php?tid=24716 https://expectingtheu
Read more