Windows Hello and privacy
What data is collected, and why
When you set up Windows Hello, it takes the data from the face or iris sensor or fingerprint reader and creates a data representation—not an image; it’s more like a graph—that is then encrypted before it’s stored on your device.
To help us keep things working properly, to help detect and prevent fraud, and to continue improving Windows Hello, Microsoft collects info about how people use Windows Hello. For example, info about whether people sign in with their face, iris, fingerprint, or PIN; the number of times they use it; and whether it works or not is all valuable information that helps us build a better product. This data is stripped of any information that could be used to specifically identify you, and it's encrypted before it's transmitted to Microsoft.
The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
Windows Hello biometrics in the enterprise (Windows 10) - Microsoft 365 Security | Microsoft Learn
More information here:
GDPR FAQs, Microsoft Trust Center