Disable Windows Hello but not Windows Hello for Business by GPO
Posted by dirmhirn@reddit | sysadmin | 4 comments
Hi,
Windows 10/11 offer Windows Hello with PIN/fingerprint/camera as a sign-in method. Is it possible to disable Windows Hello, but enable Windows Hello for Business only, as soon as the device is ready for WHfB?
I tried to disable convenience PIN, but it still shows the PIN option and I can enable it, although WHfB is not yet ready to provision. (Device is not Entra joined yet.)
Has anyone done this before?
We have to enable hybrid join for all devices first and then WHfB. But I'm worried some devices might fail and users enable Windows Hello instead of WH for Business.
br Dirm
xxdcmast@reddit
I wouldn’t worry about it. By design. Windows Hello for Business will take and “upgrade” any Hello registered biometrics when the system enrolls in Hello for Business.
dirmhirn@reddit (OP)
Do you have any source for this? I only found an older guide suggesting to delete the old PIN first. I'll try to test this tomorrow.
xxdcmast@reddit
It’s part of the enrollment splash screen. I will see if I can upload a pic.
dirmhirn@reddit (OP)
Ah thanks, I'll check this.