Require Security Device policy for Windows Hello for Business noncompliant

Mike G 76 Reputation points
2024-05-15T20:28:57.57+00:00

Hello,

I am working on enabling Windows Hello for Business and I am running into an issue with the "Require Security Device" policy. My devices are running Windows 11 22H2 with the TPM 2.0 modules enabled, and I have enabled cloud trust. According to this MS article, I should enable these policies from the Settings Catalog and deploy them to my devices or users (I have it deployed to a device group.)User's image After sending the policy to my test group, Intune is reporting an error with the Require Security Device policy on some devices as it is not compliant.

User's image

User's image

Also I have noticed on at least one machine, the results will flip between compliant and not compliant. I validated the TPM module is visible to Windows and I cannot find any issues with it. Despite this, I created a Windows Hello configuration policy using the Identity Protection template and and deployed to the same device group. My testers were able to enroll in Windows Hello for Business and it works fine as I understand Windows will provision Windows Hello using software as opposed to the TPM if it is unavailable or not functioning but I don't understand why this is happening to begin with. Thanks in advance.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,470 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,503 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Mike G 76 Reputation points
    2024-05-15T21:05:27.3466667+00:00

    Update: After posting, I checked the HelloForBusiness event log on my PC and I noticed these two events which may explain the policy is succeeding or failing though I haven't come across this before. I think this might be driver related but I am fairly sure that I am up to date. I'll do a driver check and post back.

    User's image

    User's image

    1 person found this answer helpful.