What happens when I delete a user's Windows Hello for Business authentication method?

Mitch Silberstein 20 Reputation points
2024-12-12T19:57:36.5+00:00

As an admin, I can go into Entra ID > Users > [Select a User] > Authentication Methods and delete out their authentication methods. What exactly happens when I delete a user's Windows Hello for Business credentials?

Currently we have a policy in Intune that enables WHfB on the device.

  • Does this break signing in with their WHfB credentials on their local device (i.e. PIN or biometric)?
  • Does this delete out their Windows Hello Container locally on their device?
  • Does this only affect using Windows Hello as a sign on method for other Entra ID resources?

Accepted answer
  1. Navya 14,385 Reputation points Microsoft Vendor
    2024-12-12T21:40:57.1866667+00:00

    Hi @Mitch Silberstein

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to know what happens when you delete a user's Windows Hello for Business authentication method.

    When you delete a user's Windows Hello for Business credentials from the Authentication Methods page in Entra ID, it will remove the user's ability to sign in to Entra ID resources that use Windows Hello for Business. In this case, users will need to use other available authentication methods to access resources.

    Does this break sign in with their WHfB credentials on their local device (i.e. PIN or biometric)?

    This will not break signing in with their Windows Hello for Business credentials on their local device until you delete the directory locally. Deleting this directory should result in the PIN being removed as a sign-in method. It is important to remember that Windows Hello sign-in methods are tied specifically to that device. As a result, the user can still log in using that PIN or biometric.

    Does this delete out their Windows Hello Container local on their device?

    Deleting the user's Windows Hello for Business credentials from Entra ID will not delete the Windows Hello container on their local device. The Windows Hello container is stored locally on the device and is not managed by Entra ID.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further queries, do let us know.

    1 person found this answer helpful.
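
The cloud registration and the local container described in the answer above can be inspected separately. The following PowerShell is an added example, not part of the original question or answer: it uses the Microsoft Graph PowerShell SDK for the Entra ID side and `dsregcmd`/`certutil` for the device side; the function names and the sample UPN are hypothetical.

```powershell
# Added example; function names and the sample UPN are hypothetical.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

function Get-WhfbRegistration {
    # Cloud side: WHfB keys registered on the user object in Entra ID.
    param([Parameter(Mandatory)][string]$UserId)
    Get-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId $UserId |
        Select-Object Id, DisplayName, CreatedDateTime, KeyStrength
}

function Remove-WhfbRegistration {
    # Deletes the Entra ID registration only; the local container is untouched.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$UserId)
    foreach ($m in Get-WhfbRegistration -UserId $UserId) {
        if ($PSCmdlet.ShouldProcess("$UserId / $($m.DisplayName)", 'Delete WHfB method')) {
            Remove-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId $UserId `
                -WindowsHelloForBusinessAuthenticationMethodId $m.Id
        }
    }
}

function Test-LocalHelloContainer {
    # Device side: run in the user's own session. dsregcmd reports
    # "NgcSet : YES" while a Hello container exists for the signed-in user.
    $hit = dsregcmd.exe /status |
        Select-String -Pattern '^\s*NgcSet\s*:\s*(\w+)' |
        Select-Object -First 1
    [bool]($hit -and $hit.Matches[0].Groups[1].Value -eq 'YES')
}

# --- Admin workstation ---
Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All'
$upn = 'user@contoso.example'                  # constructed sample UPN
Get-WhfbRegistration -UserId $upn | Format-Table
Remove-WhfbRegistration -UserId $upn -WhatIf   # drop -WhatIf to actually delete

# --- On the user's device, in the user's own session ---
# Removes the local Hello container (PIN and biometric) for the current user:
# if (Test-LocalHelloContainer) { certutil.exe -DeleteHelloContainer }
```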