Enrolling in Windows Hello for Business

Windows Hello for Business (WHfB) is an alternate authentication method for Windows devices that allow users to sign in using biometric (face or fingerprint) and pin code methods, avoiding the need to use their traditional password (however, the password option is still available if needed).

Instructions

Prerequisites

In order to enroll in WHfB, the following requirements need to be met:

  • The user enrolling needs to be enrolled in the UMS Duo MFA first.
  • The device needs to meet Windows 11 requirements, such as being Bitlocker encrypted and TPM enabled.
  • During enrollment, the device needs to have line of sight to our Active Directory environment by being on a UMS campus network or on the UMS VPN.
  • To use a webcam as an authentication method, the webcam needs to have IR capability. 

Enrollment Procedure

  1. Navigate to the Software Center and install the Windows Hello for Business package.Screenshot showing the Software Center entry for Windows Hello with the blue Install button.
  2. The package will confirm hardware and network requirements. If successful, you should get a pop up asking to open. Click AlwaysScreenshot showing the pop up to choose an app.
  3. You will have an enrollment window appear. Click OK. Then, you will be required to approve an MFA prompt with Duo.Screenshot showing the Windows Hello enrollment screen with options listed and description of what it is.Screenshot showing what the Microsoft MFA prompt looks like with Duo.
  4. Next, enter a PIN code. Other options, such as face recognition or fingerprint, will be available if the device supports those methods.Screenshot showing Windows Hello asking for a PIN number to enroll in Windows Hello for Business.

Environment

  • Windows 10/11.
Print Article