How to enable Windows Hello for Business biometrics setting disabled in Hybrid Azure AD Join PC?

EnterpriseArchitect 6,041 Reputation points
2023-10-19T02:59:49.18+00:00

Based on https://learn.microsoft.com/en-au/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision?tabs=intune#provision-windows-hello-for-business

I am troubleshooting the Hybrid Azure AD Joined device's Windows Hello for Business biometrics configuration issue. 

In particular, the highlighted entries show two different results, even though the event occurred under the same log name: Microsoft-Windows-User Device Registration/Admin within the same day:

User's image

User's image

  1. How do I fix the issue so I can begin to use my Biometrics feature on this computer?
  2. Is this because I do not have any Windows Hello for Business policy or configuration settings in the Intune portal? https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/configurationProfiles

1 answer

  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2023-10-20T02:12:53.44+00:00

    @EnterpriseArchitect, thanks for posting in Q&A.

    From your description, I know that you want to enable Windows Hello for Business biometrics setting in Hybrid Azure AD environment.

    From the picture you provided, I found that the machine has not applied a Windows Hello for Business policy, the machine did not meet the hardware requirements, and the machine is connected by Remote Desktop.

    If you want to enable the Biometrics feature on your computer, please refer to the following steps:

    1. Go to the Intune admin center and create a Windows Hello for Business policy to enable the Biometrics feature.

    https://learn.microsoft.com/en-au/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision?tabs=intune#enable-windows-hello-for-business

    2. Check whether the targeted device meets the hardware requirements.

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification#hybrid-deployments

    https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-biometric-requirements

    3. Please do not use Remote Desktop to connect to the machine; it will not apply the Windows Hello for Business policy.

    Please try the above information. If there is any update, feel free to contact me.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
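
The three causes named in the answer above (policy not applied, hardware requirements, Remote Desktop session) can be read directly from the log named in the question. The following PowerShell sketch is an added example, not part of the original answer or of Microsoft's documentation. It assumes the prerequisite check is logged as event ID 358 (provisioning will be launched) or 360 (provisioning will not be launched), and that each prerequisite appears in the event message as a `Description: Yes|No|Not Tested` line.

```powershell
# Added example: summarize the most recent Windows Hello for Business
# prerequisite checks recorded on this device.
$logName = 'Microsoft-Windows-User Device Registration/Admin'

# SESSIONNAME is "Console" for a local logon and "RDP-Tcp#N" over Remote Desktop.
if ($env:SESSIONNAME -like 'RDP-*') {
    Write-Warning "Current session is Remote Desktop ($env:SESSIONNAME); sign in locally and re-check."
}

# Assumption: 358 = provisioning will be launched, 360 = will not be launched.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 358, 360 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No prerequisite-check events (358/360) found in '$logName'."
}
else {
    foreach ($evt in $events) {
        $outcome = if ($evt.Id -eq 358) { 'will launch' } else { 'will NOT launch' }
        "{0:u}  Event {1}: provisioning {2}" -f $evt.TimeCreated, $evt.Id, $outcome

        # Assumption: one prerequisite per line, "Description: Yes|No|Not Tested".
        foreach ($line in ($evt.Message -split "`r?`n")) {
            if ($line -match '^\s*(?<check>.+?):\s*(?<result>Yes|No|Not Tested)\s*$') {
                $flag = switch ($Matches.result) {
                    'Yes'   { ' ok ' }
                    'No'    { 'FAIL' }
                    default { 'skip' }   # "Not Tested": an earlier check already failed
                }
                "    [{0}] {1}" -f $flag, $Matches.check
            }
        }
        ''   # blank line between events
    }
}
```

Two events from the same day with different results, as in the question, show up as separate entries, so the `FAIL` lines indicate which prerequisite changed between sign-ins.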

