Disable Windows Hello with Azure AD

Question

Hello

Dear. Support

I'm trying to use Azure AD officially.

When you reboot, when you join the Azure AD domain, you are prompted to set Windows hello, etc

I want to disable Windows Hello using Azure AD.

Could you please help me?

Answer 1

Hello,

Thank you for posting in Q&A forum.

To disable Windows Hello for Business (WHfB) using Azure AD, you can configure it via Azure AD and Intune (Microsoft Endpoint Manager). Here's how you can disable Windows Hello for Business:

1. Using Azure AD:

Sign in to the Azure portal:

Go to Azure Portal and sign in with your administrator account.

Navigate to Azure AD:

In the Azure portal, select Azure Active Directory.

Go to the Device Settings:

Under Manage, select Devices.

Disable Windows Hello for Business:

In the Device settings page, locate the Windows Hello for Business section.

Toggle Configure Windows Hello for Business to No.

Save Changes:

Make sure to save the changes by clicking the Save button.

2. Using Intune (Microsoft Endpoint Manager):

If you’re managing devices through Intune, you can also disable Windows Hello for Business using a device configuration profile.

Sign in to the Microsoft Endpoint Manager admin center:

Go to Microsoft Endpoint Manager.

Create a Device Configuration Profile:

Select Devices > Configuration profiles > Create profile.

Choose Windows 10 and later as the platform.

Select Identity protection as the profile type.

Configure the Identity Protection Settings:

Set Windows Hello for Business to Not configured or disabled.

Assign the Profile:

Assign the profile to the devices or user groups where you want to disable Windows Hello for Business.

Review and Save:

Review the settings and save the profile.

Best Regards,

Yanhong Liu

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

Can't I do anything without using intune? Whenever I reboot my PC, I get asked to set it up.