question

rstager-7784 avatar image
0 Votes"
rstager-7784 asked ThorstenPickhan-3271 answered

How to disable Windows Hello for Business for AAD Joined Devices

108335-dete.pngWindows Hello for Business is not configured in endpoint management.
![108308-image.png][3]


When a device is joined to Azure AD users are prompted to register a pin and use Windows Hello for Business.

We do not want the users to be prompted for Windows Hello for Business.

How do we disable the prompt for Windows Hello for Business registration after joining a Windows 10 system to Azure AD?


[3]: /answers/storage/attachments/108362-image.png

azure-ad-hybrid-identity
image.png (83.8 KiB)
dete.png (74.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@rstager-7784 Thanks for reaching out.

For your required scenario, you would need to select the disable option in Windows hello for business like this :

109648-image.png


Do note that this is a tenant wide scope and cannot be scoped for any certain devices/users.


If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.






image.png (38.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NejcNovak-3148 avatar image
0 Votes"
NejcNovak-3148 answered NejcNovak-3148 published

Is there a way to disable PIN only for certain devices? Like meeting room devices, which are only used occasionally by users?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ThorstenPickhan-3271 avatar image
0 Votes"
ThorstenPickhan-3271 answered

Hi @NejcNovak-3148, if it still unsolved for you:
it looks like you can create a dedicated device configuration profile and disable Windows Hello for Business for certain groups or users:
https://learn.microsoft.com/mem/intune/protect/identity-protection-configure?WT.mc_id=M365-MVP-5004286

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.