Windows Hello for Business - currently unavailable after MDM enroll RRS feed

  • Question

  • I have a VM which I manually performed an AAD join (+ auto-enroll to MDM (Intune)). We have a configuration profile in Intune to enable Windows Hello for Business with custom PIN policy. After signing in with the Office 365/AAD user account, I noted there was no UI to setup Windows Hello. When I inspect the Accounts settings for Sign-in options, it shows that Windows Hello PIN (since it's only a VM) is "currently unavailable".

    Initially puzzled since another existing VM has long been running with same user account could operate Windows Hello PIN with no problems, I subsquently traced down the original configuration profile had the Use a Trusted Platform Module (TPM) setting enabled, and the former VM did have a virtual TPM operating, while this latter VM didn't.

    But, after adjusting (disabling) that setting, and seeing it successfully applied to the VM, and after multiple OS restarts, Windows Hello PIN is still unavailable for that VM. Also signed in as a separate administator user to inspect the local group policy, observing that none of the [Windows Hello for Business] administrative template settings has opposing values (all Not configured).

    What other possible setting location has been missed for Windows Hello for Business to properly take effect?

    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

    Tuesday, April 14, 2020 9:19 AM


  • Shut down the VM and added virtual TPM to it. On boot and sign-in, Windows Hello for Business (PIN) became available for setup.

    So it seems despite the previous "revocation" of the Intune policy requiring TPM, Windows still wants a TPM before letting Windows Hello (PIN) work.

    That isn't the true answer I was looking for, as I'd like to know what's the actual significance of not requiring the Use a Trusted Platform Module (TPM) option.

    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

    • Marked as answer by icelava Wednesday, April 15, 2020 9:41 AM
    Wednesday, April 15, 2020 9:41 AM