WHfB - Deployed through Intune but RDS servers still ask for credentials

Question

Hi,

So I am trying to implement WHfB so that all of our Windows users can use a pin/fingerprint to logon to all services.

I have set up an NDES/SCEP environment which has been configured in an Intune policy and seems to issue certificates as expected to test users laptops.

If I try to login to one of our RDS servers I am asked for my pin as expected which gets accepts but then the server logon page appears and needs me to enter my full credentials again.

All of my servers are managed by on prem AD. Do I need to change any GPO settings to allow WHfB to pass through credentials to the server and for the server to accept them?

I cannot see any error logs as it isn't attempting to login to the RDS using a pin.

Thanks in advance!

Answer 1

Hello,

To ensure seamless integration of Windows Hello for Business (WHfB) with your RDS servers, please verify and configure the following Group Policy settings:

• Always prompt for password upon connection: Ensure this setting is disabled.
• Use a hardware security device: Enable this policy.
• Use Windows Hello for Business: Enable this policy.

As always, please thoroughly test these settings in a controlled environment before deploying them to your production environment.

If you have any further questions or need additional assistance, feel free to reach out.

Best regards,

Wilkin Sanchez