Windows Hello for Business with Intune managed endpoints

Henk Steenwijk 21 Reputation points
2022-06-13T06:27:40.133+00:00

Hello to all,

I'm currently trying to figure out of there is a possibility to enable Windows Hello for Business for our Intune managed endpoints.

Our security office have given us clearance to roll out Windows Hello for Business but with the side note of enabling fingerprint logons, but disable the facial recognition function. Now over the past weekend I've been reading through the documentation and nowhere is it specified that this is an option or achievable option.

Does anyone know if it's possible to enable only the fingerprint options via an Intune policy?

Regards,
Henk Steenwijk

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,748 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,712 questions
0 comments
Accepted answer
  1. Limitless Technology 39,341 Reputation points
    2022-06-14T07:16:53.443+00:00

    Hi there,

    I suppose you can achieve your requirements by using tenant-wide policy. You can create a tenant-wide policy that configures use of Windows Hello for Business on Windows 10/11 devices at the time those devices enroll with Intune.

    If you choose not to configure a tenant-wide policy for Windows Hello for Business, you can use a device configuration Identity protection profile to configure groups of devices for Windows Hello.

    Manage Windows Hello for Business on devices at the time devices enroll with Intune https://learn.microsoft.com/en-us/mem/intune/protect/windows-hello

    --------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2022-06-13T20:52:20.083+00:00

    To my knowledge this is not achievable via any Windows or Windows Hello for Business configuration. Allowing device biometrics is all or nothing. Potentially, you could disable the camera itself, but that has bigger implications.

    What's the business requirement or motivation for wanting to only allow fingerprint-based biometrics?

    0 comments