@Adrian Halfdan Ulland, Thanks for posting in Q&A.
Q1. Can someone fill me in on how they interpret the feature?
A1. The "Enhanced Anti-Spoofing" feature is designed to add an extra layer of security by making it harder for unauthorized users to spoof the facial recognition system. This feature primarily enhances the detection capabilities of the integrated camera to differentiate between a real face and a spoof (such as a photo or video). It doesn't necessarily block external cameras but makes it more challenging for them to pass the enhanced security checks. This is why your external camera still works but struggles more to recognize you.
Q2. Does someone know how I can check on a client directly if the policy has been applied successfully?
A2. Please first go to Microsoft Intune portal and check the Windows Hello for Business policy status, if the policy status is success and then go to client device.
Open the Registry Editor by typing regedit in the Run dialog (Win + R).
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures.
Look for a REG_DWORD named EnhancedAntiSpoofing and check whether its value is set to 1.
Also, the feature needs some requirements mentioned in the following link.
This disables Windows Hello face authentication on devices that don't support enhanced anti-spoofing.
Hope above information can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.