Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Open Search
Tag

Windows Hello

Enable windows hello login with camera on Windows 10 Intune joined machines

Symptom:

If you have a Windows 10 machine with a camera that supports Windows hello login you might see that Windows Hello is disabled by administrator.

windows 10 hello disabled

This is becasue of the Intune Policy in Microsoft Intune.

Implications:

Note, that if you want to enable Windows Hello you will also force the user that uses Azure AD join to enroll with a pin, adding an extra step to the Azure AD join process.

Steps:

Navigate to https://portal.azure.com and log in with admin credentials and select Intune.

intune blade

Select then Device enrollment.

device enrollment

Select then Windows Enrollment

windows enrollment

You should then see Windows Hello for Business, click it.

manage windows hello for business

You may create several policies based on Groups. However there should be a default policy that is assigned to everyone.

default policy

I had the policy disabled. Now click enable.

whfb status

You do not need to change any settings, just Ensure that you allow biometric auth. Then remember to click “Save”enable biometric and click save

That is it. On a Windows 10 Device you can update the policies or log off/on/restart to recieve this new policy.

windows hello enabled

You can also force this policy Down on the Device by syncronizing it:

syncronize with intune

6

Disable PIN code when joining Azure AD *UPDATED 2018

*THE AZURE AD PORTAL EXPERIENCE HAS BEEN UPDATED, TO FIND THIS SETTING IN THE NEW PORTAL LOOK HERE: Enable or Disable Windows hello in new AAD portal

If you are a larger organization or a school, simply asking your users to enter a pin and start authenticating with a phone might be challenging. Even more so when they have never done that before.

Here is how you disable PIN challenge and phone verification when joining Azure AD

UPDATE: In Azure.

  1. https://manage.windowsazure.com
  2. Go to Active Directory
  3. Select your Domain
  4. Select Applications
  5. Select Microsoft Intune
  6. Select Configure
  7. Under manage devices for these users, select All and click Save.
apps
Apps in Azure AD
configure
Configure the Intune app
manage all
Turn on MDM

In Intune.

  1. https://manage.microsoft.com
  2. Go to: Admin > Mobile Device Management > Windows > Passport for Work.
  3. Select: Deactivate Passport for Work on registered devices

Thats it.

deactivate passport

27

Surface Pro 4 Backward Compatibility and Out of The Box

Thinking about the new Surface Pro 4? Cool. It’s a very well built device with a even better pen!

However these are some things you might want to think about before you buy.

  1. The Surface Pro 4 will fit in the old Surface Pro 3 dock, but not 100% More like 90%. It will charge but it sits wrong, a bit tilted to one side due to its thinner design.
    • EDIT: There is a free adapter which you can order from Microsoft to fix this. Get it here
  2. The Surface Pro 3 Keyboard fits the new SP4 but not 100% more like 90% as the new SP4 has a smaller bezel the keyboard overlaps the screen area. The magnet also will not clip on as tight.
    WP_20151208_23_01_18_Pro
    Magnet not 100% on

    WP_20151208_23_01_51_Pro
    Keyboard overlapping
  3. pdates, then updates, and some more updates. When you Buy a SP4 you have to update the device for at least 1-2 hours before its “done”
  4. Windows Hello, is not supported out of the Box and you need to run that 1-2 hours of update and then update again to receive the necessary firmware update for Windows Hello to work.
  5. Screen bleeding, the screen is not perfect black. There are some edge bleeding.

    WP_20151208_23_03_15_Pro
    Some minor bleeding of the light on the bottom
But you know what. Despite all this, the device is awsome and I love Windows Hello!
I just sit down in front of the camera and “whosh” it logs me in, every time!
I would recommend this device to all my family members and my business associates!
3

Blog at WordPress.com.

Up ↑

%d bloggers like this: