deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/hello-for-business/policy-settings.md
Paolo Matarazzo 2e454254b7 freshness review
2024-11-22 06:55:55 -05:00

4.7 KiB
Raw Blame History

title, description, ms.topic, ms.date
title description ms.topic ms.date
Windows Hello for Business policy settings Learn about the policy settings to configure Configure Windows Hello for Business. reference 11/22/2024

Windows Hello for Business policy settings

This reference article provides a comprehensive list of policy settings for Windows Hello for Business. The list of settings is sorted alphabetically and organized in four categories:

  • Feature settings: used to enable Windows Hello for Business and configure basic options
  • PIN setting: used to configure PIN authentication, like PIN complexity and recovery
  • Biometric setting: used to configure biometric authentication
  • Smart card settings: used to configure smart card authentication used in conjunction with Windows Hello for Business

For information about how to configure these settings, see Configure Windows Hello for Business.

Select one of the tabs to see the list of available settings:

:::image type="icon" source="images/hello.svg"::: Feature settings

Setting Name CSP GPO
Configure device unlock factors
Configure dynamic lock factors
Use a hardware security device
Use certificate for on-premises authentication
Use cloud (Kerberos) trust for on-premises authentication
Use Windows Hello for Business

[!INCLUDE configure-device-unlock-factors] [!INCLUDE configure-dynamic-lock-factors] [!INCLUDE use-a-hardware-security-device] [!INCLUDE use-certificate-for-on-premises-authentication] [!INCLUDE use-cloud-trust-for-on-premises-authentication] [!INCLUDE use-windows-hello-for-business]

:::image type="icon" source="images/pin.svg"::: PIN settings

Setting Name CSP GPO
Expiration
History
Maximum PIN length
Minimum PIN length
Require digits
Require lowercase letters
Require special characters
Require uppercase letters
Use PIN recovery

[!INCLUDE expiration] [!INCLUDE history] [!INCLUDE maximum-pin-length] [!INCLUDE minimum-pin-length] [!INCLUDE require-digits] [!INCLUDE require-lowercase-letters] [!INCLUDE require-special-characters] [!INCLUDE require-uppercase-letters] [!INCLUDE use-pin-recovery]

:::image type="icon" source="images/fingerprint.svg"::: Biometric settings

Setting Name CSP GPO
Configure enhanced anti-spoofing
Enable ESS with Supported Peripherals
Use biometrics

[!INCLUDE configure-enhanced-anti-spoofing] [!INCLUDE enable-ess-with-supported-peripherals] [!INCLUDE use-biometrics]

:::image type="icon" source="images/smartcard.svg"::: Smart card settings

Setting Name CSP GPO
Turn off smart card emulation
Allow enumeration of emulated smart card for all users
Use Windows Hello for Business certificates as smart card certificates

[!INCLUDE allow-enumeration-of-emulated-smart-card-for-all-users] [!INCLUDE turn-off-smart-card-emulation] [!INCLUDE use-windows-hello-for-business-certificates-as-smart-card-certificates]