Can't configure Windows Hello in O365 Azure inviroment

Frederik Adsersen 0 Reputation points
2024-11-08T08:31:11.1833333+00:00

Hi. I am an administrator in my companys O365 online enviroment. I have watched this youtube guide to setup Windows Hello for Business: https://www.youtube.com/watch?v=A8faHO-bn-0

After setting my policy like this: (I put the user that i sign on to my computer with, in the group that i assigned to this policy)


1

2

....I restarted my PC and had a blue "welcome screen" presenting me with the option to setup Windows Hello.

I scanned my finger a bunch of times and made a PIN code.

When i now try to logon with my fingerprint, i get this error: (The text is in danish, but it says: "This setting is temporarily not available. Use another method to sign in for now")

4

....After at least a few restarts i tried logging in with password,(which works just fine) to try to lock the account and unlock it with fingerprint. Now, when using fingerprint, it shows me this error:

5

What am i missing, or doing wrong?

-Best regards

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,943 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,293 questions
Microsoft Entra
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Crystal-MSFT 50,331 Reputation points Microsoft Vendor
    2024-11-11T05:32:54.14+00:00

    @Frederik Adsersen, Thanks for posting in Q&A. Based on my researching, I find a known issue in Hybrid environment. After the user provisions a Windows Hello for Business credential in a hybrid key trust environment, the key must sync from Microsoft Entra ID to Active Directory during a Microsoft Entra Connect Sync cycle. Before it is synced, it will get this error.

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-deployment-issues#identify-user-public-key-deletion-issue

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Iufor 0 Reputation points
    2024-11-11T15:46:52.5566667+00:00

    Hi
    Your Answer
    To configure Windows Hello in an O365 Azure environment, ensure that you meet all prerequisites, including an Azure AD-joined or hybrid Azure AD-joined device and an Azure AD Premium license. Verify that Windows Hello for Business is enabled in Azure AD and configured via group policies or Intune policies. If you’re facing errors, check device logs under Event Viewer > Microsoft > Windows > HelloForBusiness for detailed troubleshooting insights, and ensure the device firmware is up-to-date.

    0 comments No comments

  3. Raja Pothuraju 9,050 Reputation points Microsoft Vendor
    2024-11-13T19:49:52.8666667+00:00

    Hello @Frederik Adsersen,

    Thank you for posting your query on Microsoft Q&A.

    Adding to Crystal-MSFT answer, the error message you are encountering might appear as: "That option is temporarily unavailable. For now, please use a different method to sign in." Please check if the user is part of any protected groups, such as Administrators, Domain Admins, Domain Controllers, Backup Operators, Server Operators, Account Operators, Cert Publishers, Enterprise Admins, or Schema Admins.

    image.png

    Solution: Remove the user from the protected groups.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.