Share via

WHFB Usage Report

Ranjithkumar Duraisamy 226 Reputation points
2023-10-11T12:00:03.3233333+00:00

Hi, I have deployed (Intune)configuration profile to enforce Windows Hello For Business enrollment. While I'm trying to see/understand WHFB usage across enrolled users/devices, found a KQL script utilizing 'Sign-in' events to show how many times WHFB utilized to authenticate against.

But, what I'm trying to see is exactly which WHFB authentication type is being used across. i.e., PIN or Fingerprint or Face Recognition etc.

Could anyone please suggest an appropriate direction to get this viewed over a nice report?

Microsoft Security Intune Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 53,981 Reputation points Microsoft External Staff
    2023-10-12T02:30:36.5966667+00:00

    @Ranjithkumar Duraisamy, Thanks for posting in Q&A. Based on my researching, Microsoft Entra sign-ins report shows authentication details for events when a user is prompted for multifactor authentication, and if any Conditional Access policies were in use. The Authentication Details tab provides the following information, for each authentication attempt:

    • A list of authentication policies applied (such as Conditional Access, per-user MFA, Security Defaults)
    • The sequence of authentication methods used to sign-in
    • Whether or not the authentication attempt was successful
    • Detail about why the authentication attempt succeeded or failed

    While viewing the sign-ins report, select the Authentication Details tab. If available, the authentication is shown, such as text message, Microsoft Authenticator app notification, or phone call. The OATH verification code is logged as the authentication method for both OATH hardware and software tokens (such as the Microsoft Authenticator app).

    Unfortunately, the report does not provide a breakdown of which WHFB authentication type was used.

    From your description I know we configure WUFB in Intune. Based as I know, this profile can enable Windows Hello for Business for devices and users, set device PIN requirements, and allow or disallow gestures for sign-in. I think this can be a method to check.

    Meanwhile, I also research to see if there's any PowerShell command can check this. But I don't find this.

    You can feedback to the following link to see if we can get this feature in the future:

    https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472

    Thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Ranjithkumar Duraisamy 226 Reputation points
    2023-10-12T11:41:22.87+00:00

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.