Use identity protection profiles to manage Windows Hello for Business in Microsoft Intune
Important
In July 2024, the following Intune profiles for identity protection and account protection were deprecated and replaced by a new consolidated profile named Account protection. This newer profile is found in the account protection policy node of endpoint security, and is the only profile template that remains available to create new policy instances for identity and account protection. The settings from this new profile are also available through the settings catalog.
Any instances of the following older profiles that you have created remain available to use and edit:
- Identity protection – previously available from Devices > Configuration > Create > New Policy > Windows 10 and later > Templates > Identity Protection
- Account protection (Preview) – previously available from Endpoint Security > Account protection > Windows 10 and later > Account protection ( Preview)
Microsoft Intune supports use of Account protection profiles to manage Windows Hello for Business on your managed Windows devices. Windows Hello for Business is a method for signing in to Windows devices by replacing passwords, smart cards, and virtual smart cards.
Applies to:
- Windows 10
- Windows 11
When you use Intune Account protection profiles to manage Windows Hello for Business settings, you can:
- Enable Windows Hello for Business for devices and users
- Set device PIN requirements, including a minimum or maximum PIN length
- Allow gestures, such as a fingerprint, that users can (or can't use) to sign in to devices
In addition to Account protection profiles, Intune supports the following options to manage settings for Windows Hello for Business:
- During device enrollment: Configure tenant-wide policy that applies Windows Hello settings to devices at the time the device enrolls with Intune.
- Security baselines: Some settings for Windows Hello can be managed through Intune's security baselines, like the baselines for Microsoft Defender for Endpoint security or Security Baseline for Windows 10 and later.
- Settings catalog: The settings from endpoint security Account protection profiles are available in the Intune settings catalog.
Note
For customers looking to configure Windows Holographic for Business, please use DeviceLock CSP
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for