A deep dive into configuring Windows Hello for Business (WHfB) passwordless authentication with Microsoft Intune, using dual Multi-Factor Unlock that requires both a PIN and facial recognition for extra security on the end user's Windows device. The environment is hybrid: on-premises Active Directory is synced to Entra ID using Entra Connect Sync.
We also configure Cloud Kerberos Trust so that devices can request Kerberos tickets and access on-premises file shares. Enabling Azure AD Kerberos creates an “Azure AD Kerberos” server object in the domain to enable access to on-premises shares.
Topics Covered:
✅ 00:08 Intro to Windows Hello for Business (WHfB)
✅ 02:50 Basic WHfB settings in Microsoft Intune
✅ 03:30 Creating a User or Device Group for WHfB deployment
✅ 04:46 Advanced Intune settings using Configuration Profiles
✅ 06:38 Multi-Factor Unlock using PIN and Facial Recognition
✅ 07:46 Conditional Access to require MFA during device registration
✅ 08:37 Configuring Inactivity Device Lock for security
✅ 09:25 Testing Multi-Factor Unlock on a Windows 11 device
✅ 10:38 Accessing On-Premise resources and shares securely with WHfB
✅ 11:56 Setting up Entra ID Kerberos for hybrid identities
✅ 13:17 Deploying Cloud Kerberos Trust pre-defined settings, no OMA-URI
✅ 14:17 Testing Windows 11 access to an On-Premise shared resource
By the end of this tutorial, you'll understand how to deploy, configure, and test WHfB in both cloud and hybrid environments, enhancing security while simplifying authentication for users.
Configure unlock factors (PIN and facial recognition):
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/multifactor-unlock?tabs=intune#configure-unlock-factors