Step-by-step Windows Hello PIN for Hybrid Windows 10 using Key-based authentication and Intune

In this video we see a demo of implementing Windows Hello PIN-based authentication for hybrid-joined devices co-managed with SCCM and Intune, by setting an Intune device configuration.

Here are the custom CSP settings (replace "AAD Tenant ID" with your Azure AD tenant ID):

./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/UsePassportForWork = true (Boolean)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/Digits = 1 (Integer)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/History = 5 (Integer)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/Expiration = 90 (Integer)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/RequireSecurityDevice = true (Boolean)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/EnablePinRecovery = true (Boolean)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/UseCertificateForOnPremAuth = false (Boolean)
./Device/Vendor/MSFT/PassportForWork/Biometrics/UseBiometrics = true (Boolean)
./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing = true (Boolean)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/MinimumPINLength = 6 (Integer)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/MaximumPINLength = 16 (Integer)
./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/SpecialCharacters = 1 (Integer)
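
Before pasting these rows into an Intune custom profile, it helps to resolve the tenant placeholder and check the values. The following is an added example, not part of the video or its description: a small linter for lines in the format used above. The function name `lint`, the sample subset, the all-zero tenant GUID and the value ranges (taken from the PassportForWork CSP documentation) are assumptions of this example.

```python
import re
import uuid

# Value ranges documented for the PINComplexity nodes of the PassportForWork CSP.
RANGES = {
    "Digits": (0, 2), "SpecialCharacters": (0, 2),  # 0 allowed, 1 required, 2 not allowed
    "History": (0, 50), "Expiration": (0, 730),     # remembered PINs; days (0 = never)
    "MinimumPINLength": (4, 127), "MaximumPINLength": (4, 127),
}
LINE = re.compile(r"^(\./Device/Vendor/MSFT/PassportForWork/.+?)\s*=\s*(\S+)\s*\((Boolean|Integer)\)$")

# Lines copied from the list above; the tenant GUID below is a constructed placeholder.
SAMPLE = [
    "./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/UsePassportForWork = true (Boolean)",
    "./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/MinimumPINLength = 6 (Integer)",
    "./Device/Vendor/MSFT/PassportForWork/AAD Tenant ID/Policies/PINComplexity/MaximumPINLength = 16 (Integer)",
    "./Device/Vendor/MSFT/PassportForWork/Biometrics/UseBiometrics = true (Boolean)",
]
PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"

def lint(lines, tenant_id):
    """Return (settings, problems); settings maps the tenant-resolved OMA-URI to a typed value."""
    tenant = str(uuid.UUID(tenant_id))  # ValueError if the tenant ID is not a GUID
    settings, problems = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            problems.append(f"unparseable: {raw!r}")
            continue
        uri, value, kind = m.groups()
        uri = uri.replace("AAD Tenant ID", tenant)
        leaf = uri.rsplit("/", 1)[1]
        if kind == "Boolean" and value in ("true", "false"):
            settings[uri] = value == "true"
        elif kind == "Integer" and value.isdecimal():
            lo, hi = RANGES.get(leaf, (0, int(value)))
            if lo <= int(value) <= hi:
                settings[uri] = int(value)
            else:
                problems.append(f"{leaf}: {value} outside {lo}..{hi}")
        else:
            problems.append(f"{leaf}: {value!r} is not a valid {kind}")
    leaves = {u.rsplit("/", 1)[1]: v for u, v in settings.items()}
    if leaves.get("MinimumPINLength", 4) > leaves.get("MaximumPINLength", 127):
        problems.append("MinimumPINLength exceeds MaximumPINLength")
    return settings, problems

if __name__ == "__main__":
    print(lint(SAMPLE, PLACEHOLDER_TENANT))
```
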
Comments

Limited to the essentials and easy to follow. Thumb up!

frankmaxwitat

Thank you very much for this video, very easy to understand and gave me great fundamentals of what I need to know to implement WHFB. Thanks! Martin

nateespera

Super informative. I was going nuts trying to find the suitable hybrid WHFB

valavanchandran

Really appreciate your video presentation. I liked it.

gandhamsugandh

I like the level of detail, Anubhav. Great video.
One thing I don't understand is why we need to install a root certificate if we are doing hybrid key-based authentication? Your note says "Certificate on DC" is "For Azure AD joined devices".
Do we still need to follow the installation of the cert?

yousefal-awadi

Since your devices are AD joined on-prem, you don't need to configure the CRL distribution point?

jacobricci

@Anubhavin If I do not enable MFA, will I get an MFA prompt at the time of changing sign-in?

chetansharma

How do I transfer the workload from SCCM to Intune? And why would you need to do this if the device is co-managed?

clivebuckwheat

Hello Anubhavin, in a hybrid environment, are computers joined to local AD or Azure AD?
Also, at 9:42, are you logging in to the local domain to see if you get the Hello PIN, or are you logging in to Azure AD?
The certificate thing that you did on the server: do we have to import that cert on the domain-joined PC, or will it just stick to the domain controller?

lovejitsingh

Got stuck on the Certificate Authority issuing the cert. I have no certificates there at all.

justinpfeil

Does the PIN work for any device the user logged on or only on that device? Because I have enabled the Windows Hello for everyone under Windows Enrolment without any certificates on DC and users are able to Set PIN and use Windows Hello for Business. I want to understand what is the difference?

nagsadaram

Thank you for creating this informative video, Anubhav. Have you tried Certificate based trust type hybrid deployment also?

santoshseth

Great video. With this setup, will an Azure AD Joined computer be able to access on-premise resources if the end user signs in with PIN or biometric?

mrmnztr

Great video. How do I get this to work with AVD as well? It asks the user for a PIN, but PIN login to AVD doesn't work.

sahil

Is the Certificate Server also a domain controller? I have 2 domain controllers; 1 of them is primary and has Azure AD Connect

mingtakpoon