Disable Windows Hello for a user group
I do have a question around Windows Hello for Business and Autopilot/Endpoint Manager.
1> WHfB is currently disabled at Devices > Enrollment > Enroll devices > Windows enrollment > Windows Hello for Business.
2> There are about 200 devices currently in Intune (AAD/Intune managed). - Windows Hello shouldn't be enabled
3> A new set of devices needs Windows Hello enabled
4> An identity policy is defined to enable WHfB under device configuration and targeted at the new group which needs WHfB enabled
5> The policy doesn't always apply as part of OOBE (needs at least one reboot) - mixed results, mostly applies after first reboot (not part of OOBE)
The best way to apply WHfB is to apply it at Windows enrollment; however, will it impact the 200 devices which are already in Intune? I do not want those devices to be enabled with Windows Hello (but new devices to get WHfB as part of OOBE).
Based on:
Policies for Windows Hello for Business are enforced using the following hierarchy: User Group Policy > Computer Group Policy > User MDM > Device MDM > Device Lock policy.
I wonder, if I configure as below, will it impact the existing devices?
1> Enable WHfB in Windows enrollment (tenant settings)
2> Disable WHfB using the identity policy (device configuration) targeted at the old 200 devices & 200 users