Symptom:
If you have a Windows 10 machine with a camera that supports Windows Hello login, you might see a message that Windows Hello is disabled by the administrator.
This is because of a policy in Microsoft Intune.
Implications:
Note that if you enable Windows Hello, users who do an Azure AD join will also be forced to enroll a PIN, which adds an extra step to the Azure AD join process.
Steps:
Navigate to https://portal.azure.com, log in with admin credentials, and select Intune.
Then select Device enrollment.
Then select Windows Enrollment.
You should then see Windows Hello for Business; click it.
You may create several policies based on groups. However, there should be a default policy that is assigned to everyone.
I had the policy disabled. Now click enable.
You do not need to change any settings; just ensure that you allow biometric authentication. Then remember to click “Save”.
That is it. On a Windows 10 device you can update the policies, or log off and on or restart, to receive this new policy.
You can also force this policy down to the device by synchronizing it.
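To see from the tenant side which Windows Hello for Business policy produces the symptom, the same settings can be read as JSON. The following is an added example, not part of the original post: it assumes the enrollment configurations have been exported from Microsoft Graph (`deviceEnrollmentConfigurations`, with the `state` and `unlockWithBiometricsEnabled` properties of the Windows Hello for Business configuration type) and audits a constructed sample response offline.

```python
import json

# Microsoft Graph type name for a Windows Hello for Business enrollment policy.
HELLO_TYPE = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration"

# Constructed sample shaped like a deviceEnrollmentConfigurations listing
# (assumption: not real tenant data, display names are made up).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.deviceEnrollmentLimitConfiguration",
     "displayName": "All users and all devices", "priority": 0, "limit": 15},
    {"@odata.type": HELLO_TYPE, "displayName": "IT staff",
     "priority": 2, "state": "enabled", "unlockWithBiometricsEnabled": True},
    {"@odata.type": HELLO_TYPE, "displayName": "All users and all devices",
     "priority": 0, "state": "disabled", "unlockWithBiometricsEnabled": True},
    {"@odata.type": HELLO_TYPE, "displayName": "Pilot group",
     "priority": 1, "state": "enabled", "unlockWithBiometricsEnabled": False},
]})


def audit_hello_policies(response_text):
    """Return one finding per Windows Hello for Business policy, by priority."""
    findings = []
    for cfg in json.loads(response_text).get("value", []):
        if cfg.get("@odata.type") != HELLO_TYPE:
            continue  # skip other enrollment configurations (limits, restrictions)
        state = cfg.get("state", "notConfigured")
        if state == "disabled":
            verdict = "disabled: matches the 'disabled by administrator' symptom"
        elif state == "enabled" and cfg.get("unlockWithBiometricsEnabled") is True:
            verdict = "enabled, biometrics allowed"
        elif state == "enabled":
            verdict = "enabled, biometrics not allowed: PIN only"
        else:
            verdict = "not configured: this policy does not set Windows Hello"
        findings.append({"name": cfg.get("displayName", "(unnamed)"),
                         "priority": cfg.get("priority", 0),
                         "state": state, "verdict": verdict})
    return sorted(findings, key=lambda f: f["priority"])


def policies_needing_change(response_text):
    """Names of policies that block Windows Hello or biometric sign-in."""
    return [f["name"] for f in audit_hello_policies(response_text)
            if not f["verdict"].startswith("enabled, biometrics allowed")]


if __name__ == "__main__":
    for finding in audit_hello_policies(SAMPLE_RESPONSE):
        print(finding["priority"], finding["name"], "->", finding["verdict"])
```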
February 27, 2018 at 3:36 pm
When using Windows Hello (I’ve only tested PIN) on an Azure AD Joined device, we are unable to access on-premise file server without manually entering credentials. If we log in to the device with password, it works fine. Do you know any fix?
February 27, 2018 at 3:40 pm
I think that is a bit tough and requires Windows Hello on prem plus certificate authority. I really don’t know where to start.
July 19, 2018 at 7:53 am
Hi Mate,
Is that valid for Azure AD for Office 365? I keep getting errors and Access denied when trying to access Intune (or Microsoft Intune, I don’t know what the difference is) App on the admin console.
Any ideas?
July 19, 2018 at 8:17 am
If you get an error accessing Intune or Azure portal it probably means your account does not have the right access privileges.
This article is a bit old also, the menus might have changed a bit.
July 20, 2018 at 12:53 am
Turns out to be a license issue, we’re having Office 365 Business Premium with god knows what tier of Azure AD, starting Trial of Azure AD Premium P2 didn’t solve it, starting EMS E5 Trial solved it.
Bloody Microsoft and their confusing error messages (access denied instead of you’re not entitled to use this feature), confusing product naming and subscription plans.
July 20, 2018 at 1:49 pm
The feature should only require EMS E3. Or Intune and Azure AD P1.
You can check what is the cheapest before you buy.
EMS E5 is more expensive unless you need those extra features. 🙂