Windows Hello - Centralize authentication

Rishikesh Borawake 21 Reputation points

Can we setup windows hello for business for Azure AD in such way that - if user created PIN with windows hello for his device, then that user can be login to another laptop with same windows hello PIN ?

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
807 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,890 questions
{count} votes

Accepted answer
  1. Harpreet Singh Matharoo 7,576 Reputation points Microsoft Employee

    Hello @Rishikesh Borawake

    Thank you for reaching out. Unfortunately, what you are trying is not yet supported as Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

    Windows Hello for Business =Windows Hello + the Asymmetric Authentication method (combines biometric and PKI mechanisms). It replaces passwords with strong two-factor authentication on PCs and mobile devices. And lets user authenticate to an Active Directory or Azure Active Directory account. This use of Windows Hello is unique to the device in which it’s setup. Basically, it means that if someone else knows the PIN you use to login to your Windows 10 device, that PIN is theoretically useless on another device, since that PIN is device specific and stored locally.

    For more information you can review following articles:



    I hope this helps resolves your query.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful