We have deployed the OIB Windows Hello for Business configuration profile to Windows devices. Our intended use case is only to allow users to use Windows Hello for Business for local Windows sign-in and device unlock.
After deployment, users are being prompted to use Windows Hello / facial recognition / fingerprint in other authentication scenarios, such as RDP sessions, intranet sign-in, and Microsoft 365 / Azure web portals.
In some of these scenarios, Windows Hello authentication is not supported or does not complete successfully, so users have to cancel and manually choose username/password instead. This is causing user confusion and service desk calls.
Could you please confirm if this behaviour is expected when deploying the OIB WHfB profile?
Also, is there a recommended OIB configuration for organisations that want WHfB only for Windows sign-in/unlock, without users being prompted for Windows Hello/biometrics in other authentication flows?
Note: I haven't deployed the following config yet
Win - OIB - SC - Windows Hello for Business - D - Cloud Kerberos Trust - v3.5
Thank you
We have deployed the OIB Windows Hello for Business configuration profile to Windows devices. Our intended use case is only to allow users to use Windows Hello for Business for local Windows sign-in and device unlock.
After deployment, users are being prompted to use Windows Hello / facial recognition / fingerprint in other authentication scenarios, such as RDP sessions, intranet sign-in, and Microsoft 365 / Azure web portals.
In some of these scenarios, Windows Hello authentication is not supported or does not complete successfully, so users have to cancel and manually choose username/password instead. This is causing user confusion and service desk calls.
Could you please confirm if this behaviour is expected when deploying the OIB WHfB profile?
Also, is there a recommended OIB configuration for organisations that want WHfB only for Windows sign-in/unlock, without users being prompted for Windows Hello/biometrics in other authentication flows?
Note: I haven't deployed the following config yet
Win - OIB - SC - Windows Hello for Business - D - Cloud Kerberos Trust - v3.5
Thank you