Last Update: Sep 04, 2024 | Published: Sep 16, 2021
In this article, I’m going to show you how to enable Windows Hello for Business.
You should enable Windows Hello for Business to reduce the risk associated with passwords. Even if your users’ devices don’t have hardware that supports Windows Hello, like a fingerprint reader, you can still have them use a PIN to login.
Enabling Windows Hello for Business involves 3 steps. First you turn on Windows Hello for Business in Microsoft Endpoint Manager (MEM). Then you can configure any additional settings, like requiring devices to have a Trusted Platform Module (TPM). Finally, you assign the Windows Hello policy to a configuration profile.
Windows Hello for Business is a solution in modern versions of Windows. It lets users securely log into Windows and websites using a PIN or biometric gesture, like a fingerprint or facial recognition.
Microsoft says that PINs are more secure than passwords. Because the PIN is associated with the device only. And unlike passwords, Windows Hello PINs cannot be used on other devices. So, the PIN is useless to a hacker should it be discovered.
You can enable Windows Hello for all users from the Endpoint Manager Admin Center as shown here.