Windows Hello Profile

Windows Hello is a more secure way to get instant access to Windows 10 devices using biometric gestures (fingerprint/facial recognition) or PIN gesture. This profile allows admins to configure fingerprint/facial recognition or set a PIN on the enrolled devices that help the users to get access to the applications, websites, and networks.

note

The device must be Microsoft Entra ID (formerly Azure Active Directory) Joined and enrolled through Windows EMM or Dual Enrollment mode. The device should support Windows Hello for this feature to work.

To configure fingerprint/facial recognition or set a PIN on the enrolled device(s), follow these steps:

Navigate to SureMDM Web Console > Profiles > Windows > Add > Windows Hello > Configure.
Enter a Profile Name.
Configure Windows Hello settings and click Save.

Settings	Description
Windows Hello	Allow the use of Windows Hello for business.
Use Biometrics	Allow the use of biometric gestures such as fingerprint or face recognition instead of PIN gesture.
TPM	Enable this option to disallow TPM (Trusted Protection Module revision 1.2) from using with Windows Hello profile.
Minimum Pin Length	Enter the minimum number of digits for setting a PIN.
Maximum Pin Length	Enter the maximum number of digits for setting a PIN.
Digits	Set the usage of digits (Allowed/Required/Not Allowed).
Upper Case Letters	Configure the use of upper case letters (Allowed/Required/Not Allowed).
Lower Case Letter	Configure the use of lower case letters (Allowed/Required/Not Allowed).
Special Characters	Configure the use of special characters (Allowed/Required/Not Allowed).
Use Security Key For Sign In	Use this option for the users to sign-in to their device with FIDO security key.

The newly created profile will be listed under the Profiles section.

Go back to the Home tab and select the Windows device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
Select the profile under All Jobs/Profiles.
Click Apply in the Apply/Profile To Device prompt.