*THE AZURE AD PORTAL EXPERIENCE HAS BEEN UPDATED, TO FIND THIS SETTING IN THE NEW PORTAL LOOK HERE: Enable or Disable Windows hello in new AAD portal
If you are a larger organization or a school, simply asking your users to enter a pin and start authenticating with a phone might be challenging. Even more so when they have never done that before.
Here is how you disable PIN challenge and phone verification when joining Azure AD
UPDATE: In Azure.
- Go to Active Directory
- Select your Domain
- Select Applications
- Select Microsoft Intune
- Select Configure
- Under manage devices for these users, select All and click Save.
- Go to: Admin > Mobile Device Management > Windows > Passport for Work.
- Select: Deactivate Passport for Work on registered devices
November 22, 2016 at 8:47 pm
This seems to be out of date now. Any idea how you accomplish this now?
November 22, 2016 at 11:01 pm
It’s still there. If you use SCCM it’s in there.
December 1, 2016 at 9:01 am
how can I open SCCM in Azure or any other portal on Microsoft?
December 1, 2016 at 11:06 am
You can’t do that. It’s either SCCM or Intune as the front end portal
June 27, 2017 at 6:58 am
It is still there. You need intune and use the classic portal at http://manage.microsoft.com
March 1, 2017 at 9:45 am
Is there any way to do this without Intune?
March 2, 2017 at 9:31 pm
You can skip the PIN if you are not aad joining.
March 14, 2017 at 11:20 pm
On my Intune Tenant Passport appears to have been replaced by Hello for Business. Tried disabling that but didn’t seem to work?
March 15, 2017 at 12:21 am
That is correct. Make sure you have it set for disabled, not that other option.
March 15, 2017 at 9:51 pm
Yes, that “other” option of not configured seemed to be my issue. Disabled seems to have done it.
March 21, 2017 at 5:27 pm
May 22, 2017 at 7:16 am
I have it disabled under Mircrosoft itune ” under Windows Hello for business but still asks for the pin
May 22, 2017 at 5:25 pm
Did you reset the device?
June 1, 2017 at 3:45 am
Any idea how to do this with just Office 365 and not Azure Intune?
June 1, 2017 at 7:55 am
Good question, I have not seen this control box outside of intune. If it is available for just 365 users it should be somewhere in https://portal.Azure.Com
June 27, 2017 at 3:56 am
Just confirmed with MS that it can only be done per-device via local policy. Very daft to globally enforce a policy to customers who can’t globally disable it.
June 27, 2017 at 6:56 am
You are right. This is a global policy. Not per device.
It is managed global through intune.
September 19, 2017 at 5:18 pm
You can. In O365 portal go to Subscriptions, sign up for Intune free trial 30 days, then follow steps above – 1. select Intune to manage all devices in AzureAD, 2. In Intune portal disable WIndows Hello under Admin/Device Management/Windows. Let trial expire.
September 8, 2017 at 7:32 pm
Is there any way to keep Windows Hello but disable the PIN requirement.
September 9, 2017 at 12:13 am
It does not seem so yet. I also believe that when you disable windows hello in Intune, Windows Hello camera login on Surface Pro 4 does not work either. That is a bummer 😦
LikeLiked by 1 person
September 13, 2017 at 8:48 pm
I might figured out a workaround to this if you do not have intune.
What I did was :
1. Enroll the computer to Azure AD
2. Log out of the local account, and login with the Azure AD Account.
3. When it says it requires a PIN, turn off the computer, turn it back on.
4. Login in again with the Azure AD Account.
LikeLiked by 1 person
September 13, 2017 at 9:33 pm
It s a even easier way. When you see the windows hello pin prompt. Just click next then while the screen loads you quickly click the X in the upper right corner.
On the next screen just select “skip”
Now you should have bypassed windows Hello for now.
January 3, 2018 at 2:16 pm
How do you do this in the new Azure AD Portal? I can’t find any thing related to Windows Hello.
January 3, 2018 at 2:17 pm
I made a new blogpost here in the new AAD portal: https://haukeberg.wordpress.com/2017/12/24/enable-windows-hello-login-with-camera-onwindows-10-intune-joined-machines/
LikeLiked by 1 person
January 3, 2018 at 2:27 pm
Thanks! Just found it, and disabled it. But still it says that our corp is requiering the user to enable windows hello in OOBE. Can this have something to do with ADFS Federation?
January 3, 2018 at 2:30 pm
Don’t know, but it takes some time for the settings to apply in Intune. It might not happen instantly. ADFS should not check for this.