Powered by MukeshLPM

Use Intune Windows Hello for Business (WHfB) with Face & PIN » CloudInspired.com

by


In this video, we take a deep dive into configuring Windows Hello for Business (WHfB) using Microsoft Intune passwordless authentication using dual Multi-Factor Unlock using both PIN and Facial recognition for extra security on the end user Windows device.

This is a hybrid environment where on-premise active directory is synced to EntraID using Entra Connect sync.

Windows Hello for Business (WHfB) Cloud Kerberos Trust
Windows Hello for Business (WHfB) Cloud Kerberos Trust

One of the problems with Windows hello and using passwordless and PIN authentication is accessing traditional file shares etc and authenticating with Domain Controllers on premise. The single biggest issue during initial deployment is where a synced user identity is required to authenticate to a hybrid environment. We have our internet end user Windows 11 device, enrolled as a Entra ID Joined device, a cloud only device (not domain joined) and managed by Intune but you want the user to still access resources within your domain over a VPN or when in the office over a LAN. This is where cloud Kerberos trust comes into action where we create a Azure AD Kerberos server object in the Active Directory domain.

WHfB Face and PIN
WHfB Face and PIN

This will enable us to authenticate using Microsoft Entra Kerberos to request Kerberos ticket-granting tickets and access on-premise file shares. This eliminates the need for any complex PKI public key infrastructure using certificates to deliver a simple solution to access.

Contents of this video using Windows Hello for Business
  1. Intro
  2. Basic Windows Hello for Business (WHfB) settings in Intune
  3. User / Device Group for WHfB
  4. Advanced Intune Settings for WHfB using Profiles
  5. Intune Multi-Factor Unlock PIN and Facial
  6. Conditional Access enable MFA as part of your device registration process
  7. Inactivity Device Lock
  8. Test Multi-Factor Unlock on Device
  9. Accessing On-Premise resources with WHfB
  10. Enabling Entra ID Kerberos for hybrid identities
  11. Cloud Kerberos Trust using Intune policy (not OMA-URI) pre-defined settings
  12. Test Windows 11 accessing On-Premise share

About cloudinspired

Cloud Inspired authors have over 30 years experience within the IT industry, providing expertise and knowledge on infrastructure, hybrid, public and private clouds platforms.


Detailed easy to follow technical videos, training and tutorial guides are provided by subject matter experts covering various technologies including Azure, IaaS, SaaS, PaaS and Microsoft 365.


This website focuses mainly on the Microsoft 365 and Azure Cloud platform and provides easy to follow step by step technical guides, diagrams, cloud certifications and tutorials. The aim is to deliver articles and videos on Microsoft 365 and Azure Cloud from start to finish on many different Azure services and certifications, building and increasing the viewers knowledge in a short, logical, easy to understand format quickly getting to the point of the subject matter!

Check out the YouTube channel for a full list of published Cloud Inspired videos and lets get inspired about Cloud!


View all posts by cloudinspired →


Share this content:

I am a passionate blogger with extensive experience in web design. As a seasoned YouTube SEO expert, I have helped numerous creators optimize their content for maximum visibility.

Contact

Leave a Comment

© 2025 Marketer • Built with GeneratePress
Privacy Policy Terms Contact