Usage guide: Windows Hello for Business

The Windows Hello for Business library pack enables EUC teams to:

  • Enhance security by reducing the risk of phishing attacks and credential theft.

  • Simplify user authentication with faster and more convenient login methods.

  • Reduce IT workload by minimizing the need for password resets and management.

  • Increase productivity by streamlining the login process for users.

In addition, this library pack offers a user campaign to drive awareness of proper safety procedures.

Library pack uses

Jump to Use cases on this page to see relevant scenario applications.

Use the library pack content for the following purposes.

Visibility

The Windows Hello for Business live dashboard is the starting point of this library pack. It monitors and manages WHfB deployment across your organization, providing an overview of activated devices and authentication methods. The dashboard shows the distribution of passwords, PINs, and biometrics, helping identify trends and areas for improvement. The library pack also includes a user campaign to promote secure sign-in methods and directs users to relevant documentation.

The remote action Get Windows Hello readiness and usage and Get password expiry for Entra ID endpoints are used to gather data for the live dashboard. The "Get Windows Hello readiness and usage" remote action is used to check enrollment and support features. The "Get password expiry for Entra ID endpoints" is used to show how many users have passwords expiring within the next 7 days.

Ensure that the remote actions trigger configuration is scheduled before utilizing the dashboard.

Education and awareness

Identify current practices to encourage the adoption of more secure authentication methods, then launch a campaign to educate users on the benefits while providing instructions for enabling and using alternative sign-in methods.

Use cases

In addition to the relevant use cases covered below, you may uncover other troubleshooting scenarios specific to your environment.

Identifying devices for which the feature is not enrolled

Drill down to device objects on the Not enrolled devices widget:

  1. From the Investigations page, find the Drill down to option in your query results and select Devices. Use the list of devices to activate the feature via GPO or other methods used in the organization.

  1. Use the list of devices to activate the feature via GPO or other methods used in the organization.

Encourage users to adopt safer authentication methods

  1. Drill down to devices where the last authentication was performed using a password.

  1. Select all devices and retrieve the associated users. Apply additional filters as needed, such as “AD user not empty”.

  1. Deploy the “Windows Hello for Business” campaign to the selected users.

RELATED TOPICS

Last updated

Was this helpful?