Select Page

Seeking a method to deactivate Windows Hello within Microsoft Intune? You’ve landed in the perfect spot! This guide is designed to walk you through the process, step by step. Although Windows Hello offers an advanced level of security through biometric authentication, it may not align with everyone’s preferences or requirements.

Understanding Windows Hello

Windows Hello introduces a biometric authentication system, utilizing either facial recognition or fingerprint scanning to grant access to devices. This feature, accessible on Windows 10, enhances security by offering a more personal way of signing in. However, for users or organizations not requiring this level of security, Microsoft Intune provides the flexibility to disable it.

Turning Off Windows Hello via Intune

When Windows Hello is active, the login screen on a new Windows 11 device will display as shown in the image below. However, this default setting might not be ideal for every user or organization.

To deactivate Windows Hello, we’ll employ a configuration profile policy specifically designed for this purpose.

Steps to Create a Configuration Profile:
  1. Navigate to the EndPoint Manager portal and sign in.
  2. Select “Devices” followed by “Configuration profiles”.
  3. Click on “New” to initiate a new profile creation.
  4. On the profile creation page, choose “Windows 10 and later” for the platform and “Templates” for the profile type.
  5. In the template search bar, type “Identity” and select “Identity protection”.
  6. Assign a name to your policy and proceed by clicking “Next”.

In the “Configuration settings” tab, locate the “Configure Windows Hello for Business” option and set it to “Disable”. The secondary option should remain “Not configured”.

During the “Assignments” phase, specify which users or groups should be affected by this policy. To enforce the policy across the board, opt for “All users”. Finalize your settings by reviewing the policy and then creating it.

Overview of Microsoft Intune

Microsoft EndPoint Manager stands as a robust security platform aimed at safeguarding devices and data against cyber threats. It serves as a guardian for your organization’s endpoints, which include laptops, desktops, servers, and mobile devices. Offering a suite of security features, Microsoft EndPoint Manager ensures your organization’s data remains protected through:

  • Antivirus and firewall defenses
  • Comprehensive patch management
  • Stringent device access controls

By following these steps, you can easily manage and disable Windows Hello through Microsoft Intune, aligning device security settings with your organization’s needs and preferences.