TPM needed for Windows Hello/Windows Hello for Business, or not.

Jun Kai Herman Teo 76 Reputation points

Hi all,

I appreciate some clarification here. Previously, in my learning for SC-900, I understand that Windows Hello works with TPM to ensure that even if the threat actor knows the PIN, unless it has the hardware, he/she will not be able to access the account. So I believed that the TPM is required, because that's the "what you have", and fulfills the MFA definition.

Today I came across a documentation (, that TPM is not required for Windows Hello/Windows Hello for Business.

If Windows Hello/Windows Hello for Business does not require TPM to work, where does the unique ID or key stored in the hardware?

I am probably missing something here. If anyone has an answer on hand, pls let me know.

Much appreciated. Thank you.

best regards,

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,744 questions
{count} votes

Accepted answer
  1. Reza-Ameri 16,826 Reputation points

    You may setup the Windows Hello/Windows Hello for Business without TPM and in this case, it will use the software based for authentication. This is not a recommended method , however in case someone want to use this feature without TPM, it is still possible. Have a look at:
    Using software-based it is less secure than using the TPM.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful