Skip to content

Set up Windows Hello

Now you set up Windows Hello for Azure AD users.

You can do this for all users in your Azure tenant, or for specific Azure AD user groups.

Click All users or Specific groups to see how.

  1. Go to the Microsoft Azure portal.

  2. Go to Devices > Device settings. Turn on Users may join devices to Azure AD.

    Device settings page

  3. Go to Devices > Overview > Feature Highlights and click Intune.

    Devices overview page

  4. Click Go to the new Microsoft Endpoint Manager admin center.

    Microsoft redirection page

  5. Select Devices.

    Microsoft Endpoint Manager

  6. Select Windows Enrollment and click Windows Hello for Business.

    Windows Enrollment page

  7. In Configure Windows Hello for Business, select Enabled.

    Configure the authentication method you want to use.

    Hello for Business settings

  1. Go to the Microsoft Azure portal.

  2. Go to Devices > Device settings. Turn on Users may join devices to Azure AD.

    Device settings page

  3. Go to Devices > Overview > Feature Highlights and click Intune.

    Overview page

  4. Click Go to the new Microsoft Endpoint Manager admin center.

    Microsoft redirection page

  5. Select Devices.

    Microsoft Endpoint Manager

  6. Go to Configuration profiles > Create profile.

  7. Enter the properties as follows:

    1. In Platform, select Windows 10 and later.
    2. In Profile, click Templates > Identity protection.
    3. Click Create.

  8. In Basics, enter a Name and Description. Click Next.

  9. In Configuration settings, do as follows:

    1. In Configure Windows Hello for Business, select Enabled.
    2. Configure the authentication method you want to use. For details of all settings, see Identity protection profile settings.
    3. Click Next.

    Configuration settings

  10. In Assignments, add user groups to the Included groups. These groups will use Windows Hello. Click Next.

    Assignments

  11. In Review + create, review your settings and click Create.

Next you join computers to Azure.