This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 25%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENT%3C/text%3E%3C/svg%3E)
We currently implementing a modern workplace solution with Windows 10 for a customer. We have Windows 10 user-based devices that are Azure AD joined and managed by Intune. Instead of logging on to the Windows 10 device with an Azure password we would prefer to use Windows Hello for business for device authentication (pincode + fingerprint). For the initial configuration of Windows Hello for Business we need an internet connection.
My question is, how often a internet connection is needed after the initial configuration to make sure Windows Hello for Business keeps working?
When I disconnect my internet connection I can still use Windows Hello for Business to logon to the Windows 10 device. Will this always work without an internet connection? Or do we need to connect to the internet once in while to make sure this will continue to work.
On the Microsoft documentation I found the following documentation about the sign-in process (https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless). I cannot find the answer here to my question. Can someone provide the answer and if possible provide a URL to documentation?
Thank you in advance!
Hello,
IMO, if you configure some of Windows Hello for Business settings, for example, PIN Reset, it may require to have Internet at client's end to make use of the setting.
Regards.
I understand that with a initial configuration or change in configuration (PIN reset) a internet connection is required. My question is; do we need a internet connection periodically to make sure the authentication keeps working. If yes, how often?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Based on my research, the biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers.
I don't think it need the internet connection all the time.
But not sure for internet connection periodically to update the pin, i would suggest you ask advice from the AZURE AD.
Best Regards,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 90%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETD%3C/text%3E%3C/svg%3E)
WHFB does not require internet connectivity to unlock the device. All Windows credentials (password, PIN, biometric, Smart Cards, FIDO keys) do not require internet connectivity (with the exception of something called Web sign in), it would be a terrible experience for the user to be locked out of their computer at the airport or hotel. As others mentioned, WHFB in most deployment modes requires internet connectivity to Entra ID (Azure AD) to setup. It requires internet connectivity to reset the PIN with another credentials.