How to enable/disable enhanced sign-in security with regkey in Windows 11?

Erik Kulisch 20 Reputation points
2024-05-13T11:37:09.8+00:00

I have a customer which wants to enable the feature "Use Windows Hello without Enhanced Sign-In Security" with a regkey. I found the option to enable it via Intune, but not with a reg key.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,153 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,306 questions
{count} votes

Accepted answer
  1. ZhoumingDuan-MSFT 14,315 Reputation points Microsoft Vendor
    2024-05-14T01:32:31.1166667+00:00

    @Erik Kulisch,Thanks for posting in Q&A.

    I have done some research about this issue and find that Enablement is dependent on specialized hardware, drivers, and firmware that are being pre-installed on the system. Device manufacturers can choose to enable Enhanced Sign-in Security on their devices during configuration of the device in factory, so you cannot enable/disable it via regkey.

    https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#how-do-i-get-enhanced-sign-in-security

    However, Starting in Windows 11, version 22H2 with KB5031455, users can temporarily turn off ESS if they would like to use an external peripheral to authenticate with Windows Hello on their device.

    https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#disableenable-enhanced-sign-in-security

    Hope it will help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Mika Huttunen 0 Reputation points
    2024-11-22T08:52:33.5366667+00:00

    I used this reg key to enable(turn on) "Sign in with an external camera or fingerprint reader" setting: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio SupportPeripheralsWithEnhancedSignInSecurity REG_DWORD = 1

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.