Search the Petri IT Knowledgebase
search icon

close

Icon for On-demand Conference

On-demand Conference

Virtual Desktop Infrastructure 1-Day Virtual Conference

Icon for New E-Book

New E-Book

Microsoft Teams Backup

Icon for Latest Whitepaper

Latest Whitepaper

7 Critical Reasons for Microsoft 365 Backup

Icon for New E-Book

New E-Book

4 Strategies for Cloud Storage Optimization

Home

Endpoint Protection

Microsoft 365

Security

How to Enable Windows Hello for Business

Vignesh Mudliar

 |

Sep 16, 2021

In this article, I’m going to show you how to enable Windows Hello for Business.

You should enable Windows Hello for Business to reduce the risk associated with passwords. Even if your users’ devices don’t have hardware that supports Windows Hello, like a fingerprint reader, you can still have them use a PIN to login.

Enabling Windows Hello for Business involves 3 steps. First you turn on Windows Hello for Business in Microsoft Endpoint Manager (MEM). Then you can configure any additional settings, like requiring devices to have a Trusted Platform Module (TPM). Finally, you assign the Windows Hello policy to a configuration profile.

What is Windows Hello for Business

Windows Hello for Business is a solution in modern versions of Windows. It lets users securely log into Windows and websites using a PIN or biometric gesture, like a fingerprint or facial recognition.

Microsoft says that PINs are more secure than passwords. Because the PIN is associated with the device only. And unlike passwords, Windows Hello PINs cannot be used on other devices. So, the PIN is useless to a hacker should it be discovered.

You can enable Windows Hello for all users from the Endpoint Manager Admin Center as shown here.

  1. Click on Devices and under Device enrollment, click Enroll devices.
  2. On the next window, select Windows Hello for Business.

 

3. On the Windows enrollment screen, set the value of Configure Windows Hello for Business to Enabled. You can also set the other options as per your organization’s needs, like requiring a TPM or setting PIN requirements.

You can also enable Windows Hello for specific users or groups. To assign your Windows Hello policy to specific users or groups:

  1. Go to the Endpoint Manager Admin Center and going to Devices > Configuration Policies > Create Profile.
  2. In the profile options, select the values as needed. Here, we have created a policy to be applied on Windows 10 and later OSes, and the template is ‘Identity protection’.

 

3. On the next window, select the users or groups to which this policy will be applied. And you must also select the conditions which will trigger this policy.

And that is it! Now you have enabled Windows Hello for Business for the users and groups you selected in your configuration profile.

More from Vignesh Mudliar

How to Customize Endpoint Security Settings in Microsoft Intune

How to Create a Compliance Policy in Microsoft Intune

How to Enable Windows Hello for Business

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Security

Petri Dish: Cybersecurity vs IT Security with Devolutions

Sep 28, 2022 | Russell Smith

Security

Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator

Sep 22, 2022 | Rabia Noureen

Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices

Sep 12, 2022 | Rabia Noureen

Security

LastPass Confirms Internal Source Code Compromised in Security Breach

Aug 26, 2022 | Rabia Noureen

Security

Avast Gets New Ransomware Shield to Protect Small Businesses

Aug 24, 2022 | Rabia Noureen

Mandiant Warns Hackers Now Use New Trick to Bypass MFA

Aug 22, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use