Windows Hello Hybrid Key Trust: Enrolling over VPN

Willcutaflip 26 Reputation points
2021-07-21T14:05:13.17+00:00

We have recently implemented Windows Hello for Business in our environment via the hybrid key trust model. Machines in the office are able to enroll in Windows Hello without issue; however, VPN devices are having issues. We are using the built-in Windows VPN, and all traffic is getting sent to our gateway. The machines get the group policy to enforce the requirement; however, when they log in, they are not prompted to set up a PIN or fingerprint. When we go to Settings > Accounts > Sign-in options, all of the options tell us "This option is currently unavailable" and then "This sign-in option is only available when connected to your organizations network".

Has anyone else experienced this issue?

Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Willcutaflip 26 Reputation points
    2021-08-04T18:06:55.13+00:00

    @Pierre Audonnet - MSFT Sorry about the delayed response on this. I think we figured out our problem. Half of our machines had Intune enrollment issues and were stuck in a pending state. Running dsregcmd /debug /leave on those machines allowed them to register properly and get their proper tokens. It takes about half an hour, but eventually the status message in dsregcmd /status changes to WillProvision. We rebooted and the user was prompted to set up a PIN and fingerprint.

    1 person found this answer helpful.
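
The check described in the answer above, as an added example that is not part of the original thread: it reads the `dsregcmd /status` fields that gate Windows Hello for Business provisioning and lists the ones that are not satisfied. The helper name `Get-WhfbReadiness` is hypothetical, the sample text is constructed, and treating every listed field as required to be YES is an assumption for a hybrid joined device.

```powershell
# Added example. $sample is constructed text in the layout of `dsregcmd /status`.
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
              DomainJoined : YES
| SSO State                                                            |
                AzureAdPrt : NO
| Ngc Prerequisite Check                                               |
            IsDeviceJoined : YES
             IsUserAzureAD : NO
             PolicyEnabled : YES
          PostLogonEnabled : YES
            DeviceEligible : YES
        SessionIsNotRemote : YES
            CertEnrollment : none
              PreReqResult : WillNotProvision
'@

function Get-WhfbReadiness {   # hypothetical helper name
    param([string[]]$StatusText)

    # Collect every "Name : Value" line; banner and blank lines do not match.
    $fields = @{}
    foreach ($line in ($StatusText -split "`r?`n")) {
        if ($line -match '^\s*([A-Za-z]+)\s+:\s+(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Assumption: on a hybrid joined device all of these should read YES.
    $expectYes = 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt', 'IsDeviceJoined',
                 'IsUserAzureAD', 'PolicyEnabled', 'PostLogonEnabled',
                 'DeviceEligible', 'SessionIsNotRemote'
    $blocking = @($expectYes | Where-Object { $fields[$_] -ne 'YES' })

    [pscustomobject]@{
        PreReqResult = $fields['PreReqResult']
        Ready        = $fields['PreReqResult'] -eq 'WillProvision'
        Blocking     = $blocking -join ', '
    }
}

# On a client, pass the live output instead: Get-WhfbReadiness (dsregcmd /status)
Get-WhfbReadiness $sample | Format-List
```

With the constructed sample, `Blocking` lists AzureAdPrt and IsUserAzureAD, the pattern of a device whose user has no Primary Refresh Token yet. Run it in the signed-in user's session, since the SSO and prerequisite fields are per user.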
