You can enable and configure Windows Hello for Business (WHfB) in few different places. In this post, we’ll look at enabling it with ConfigMgr. You can access WHfB settings from Assests and Compliance > Compliance Settings > Company Resource Access > Windows Hello for business Profiles.
Once there, click “Create Windows Hello for business Profile” from the ribbon and give your profile a name. Next, we get a list of the settings that you can configure:
Some things to pay attention to are the differences between “Not configured”, “Allowed”, and “No” in some of the boxes. These will determine if a user can use one, but it not be required. Also, complexity it important as well, including PIN length and character requirements. Remember that a WHfB PIN is local to the individual device and cannot be used for remote access, so you may be able to be a little more lenient in your PIN complexity requirements.
After you have your policy, you can save it and deploy it to a collection. As with a lot of policy-based collections, I recommend that you create collections specifically for WHfB deployments. It can make troubleshooting issues much easier.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.
