How to enable/disable enhanced sign-in security with regkey in Windows 11?

Question

I have a customer which wants to enable the feature "Use Windows Hello without Enhanced Sign-In Security" with a regkey. I found the option to enable it via Intune, but not with a reg key.

Answer 1

@Erik Kulisch,Thanks for posting in Q&A.

I have done some research about this issue and find that Enablement is dependent on specialized hardware, drivers, and firmware that are being pre-installed on the system. Device manufacturers can choose to enable Enhanced Sign-in Security on their devices during configuration of the device in factory, so you cannot enable/disable it via regkey.

https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#how-do-i-get-enhanced-sign-in-security

However, Starting in Windows 11, version 22H2 with KB5031455, users can temporarily turn off ESS if they would like to use an external peripheral to authenticate with Windows Hello on their device.

https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#disableenable-enhanced-sign-in-security

Hope it will help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I used this reg key to enable(turn on) "Sign in with an external camera or fingerprint reader" setting: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio SupportPeripheralsWithEnhancedSignInSecurity REG_DWORD = 1