Windows Hello for business

Terrell Bryant 1 Reputation point
2022-06-06T18:33:38.147+00:00

Even with Windows Hello enforced via policy in Microsoft Intune, users can still sign in via single authentication using their password. I am currently testing if Windows Hello for Business is a viable MFA or Passwordless solution. Is there a way to make users use their Yubioco security key and not have the option to sign in via password authentication?

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,060 questions
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
6,045 questions
No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Lu Dai-MSFT 21,106 Reputation points Microsoft Employee
    2022-06-07T01:56:29.477+00:00

    @Terrell Bryant Thanks for posting in our Q&A.

    Based on my research, the following link may meet your requirement:
    https://www.inthecloud247.com/enable-passwordless-authentication-to-windows-10-with-yubico-security-keys/
    Note: Non-Microsoft link, just for the reference.

    Hope it is what you want.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Jason Sandys 30,881 Reputation points Microsoft Employee
    2022-06-07T16:18:53.567+00:00

    Please see https://www.petervanderwoude.nl/post/excluding-the-password-credential-provider/ for removing the ability and option for users to use a password.


  3. Terrell Bryant 1 Reputation point
    2022-06-14T18:47:41.587+00:00

    Is there a way to remove the PIN option so that users only have the choice of using a security key assigned to them? 211374-image.png