If you have a Windows 10 machine with a camera that supports Windows hello login you might see that Windows Hello is disabled by administrator.
This is becasue of the Intune Policy in Microsoft Intune.
Note, that if you want to enable Windows Hello you will also force the user that uses Azure AD join to enroll with a pin, adding an extra step to the Azure AD join process.
Navigate to https://portal.azure.com and log in with admin credentials and select Intune.
Select then Device enrollment.
Select then Windows Enrollment
You should then see Windows Hello for Business, click it.
You may create several policies based on Groups. However there should be a default policy that is assigned to everyone.
I had the policy disabled. Now click enable.
You do not need to change any settings, just Ensure that you allow biometric auth. Then remember to click “Save”
That is it. On a Windows 10 Device you can update the policies or log off/on/restart to recieve this new policy.
You can also force this policy Down on the Device by syncronizing it: