Azure AD Windows Hello for Business

testuser7 256 Reputation points
2022-08-30T14:37:06.037+00:00

Hello,

one question about Windows Hello for Business.

Can WHfB work on the latest window 10/11 device which does not have FP sensor or any other biometric sensor ?
Meaning , can I run WHfB on such device with just PIN ?

In other words, Can you provision PIN on such device which is lacking such physical in-built sensors ?

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,544 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JimmySalian-2011 38,861 Reputation points
    2022-08-30T14:45:35.943+00:00

    Hi Testuser,

    With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM).The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key.

    This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device.

    Also check this requirements for WHFB - windows-hello-biometric-requirements

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments