Windows Hello for Business with Intune managed endpoints

Henk Steenwijk 21 Reputation points

Hello to all,

I'm currently trying to figure out of there is a possibility to enable Windows Hello for Business for our Intune managed endpoints.

Our security office have given us clearance to roll out Windows Hello for Business but with the side note of enabling fingerprint logons, but disable the facial recognition function. Now over the past weekend I've been reading through the documentation and nowhere is it specified that this is an option or achievable option.

Does anyone know if it's possible to enable only the fingerprint options via an Intune policy?

Henk Steenwijk

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,060 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,145 questions
No comments
{count} votes

Accepted answer
  1. Limitless Technology 37,351 Reputation points

    Hi there,

    I suppose you can achieve your requirements by using tenant-wide policy. You can create a tenant-wide policy that configures use of Windows Hello for Business on Windows 10/11 devices at the time those devices enroll with Intune.

    If you choose not to configure a tenant-wide policy for Windows Hello for Business, you can use a device configuration Identity protection profile to configure groups of devices for Windows Hello.

    Manage Windows Hello for Business on devices at the time devices enroll with Intune


    --If the reply is helpful, please Upvote and Accept it as an answer--

    No comments

1 additional answer

Sort by: Most helpful
  1. Jason Sandys 30,881 Reputation points Microsoft Employee

    To my knowledge this is not achievable via any Windows or Windows Hello for Business configuration. Allowing device biometrics is all or nothing. Potentially, you could disable the camera itself, but that has bigger implications.

    What's the business requirement or motivation for wanting to only allow fingerprint-based biometrics?

    No comments