question

0 Votes
Willcutaflip-6102 asked piaudonn commented

Windows Hello Hybrid Key Trust: Enrolling over VPN

We have recently implemented Windows Hello for Business in our environment via the hybrid key trust model. Machines in the office are able to enroll in Windows Hello without issue; however, VPN devices are having issues. We are using the built-in Windows VPN, and all traffic is getting sent to our gateway. The machines get the group policy to enforce the requirement; however, when they log in, they are not prompted to set up a PIN or fingerprint. When we go to Settings > Accounts > Sign-in options, all of the options tell us "This option is currently unavailable" and then "This sign-in option is only available when connected to your organizations network".

Has anyone else experienced this issue?

Tags: adfs, azure-ad-single-sign-on, azure-ad-hybrid-identity

Can you paste the output of the following command from an affected machine:

 dsregcmd /status
0 Votes

1 Answer

1 Vote
Willcutaflip-6102 answered piaudonn commented

@piaudonn Sorry about the delayed response on this. I think we figured out our problem. Half of our machines had Intune enrollment issues and were stuck in a pending state. Running dsregcmd /debug /leave on those machines allowed them to register properly and get their proper tokens. Takes about half an hour, but eventually the status message in dsregcmd /status changes to WillProvision. Rebooted and the user was prompted to set up a PIN and fingerprint.


Great to hear! And thanks for sharing! Please mark your message as an accepted answer :)

1 Vote
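
The check discussed in this thread (reading dsregcmd /status until the prerequisite result shows WillProvision) can be scripted. The following is an added example, not code from anyone in the thread: the function name `Get-WhfbReadiness` is hypothetical, the sample output is constructed, and the list of fields treated as required is an assumption based on the names dsregcmd /status prints.

```powershell
# Added example: summarize Windows Hello for Business readiness from `dsregcmd /status` text.
function Get-WhfbReadiness {
    param([Parameter(Mandatory)][string[]]$StatusText)

    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Assumption: these YES/NO fields must all be YES before provisioning can start.
    $required = 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt', 'IsDeviceJoined',
                'IsUserAzureAD', 'PolicyEnabled', 'DeviceEligible', 'SessionIsNotRemote'
    $failed = $required | Where-Object { $fields.ContainsKey($_) -and $fields[$_] -ne 'YES' }

    [pscustomobject]@{
        PreReqResult  = $fields['PreReqResult']
        NgcSet        = $fields['NgcSet']
        WillProvision = ($fields['PreReqResult'] -eq 'WillProvision')
        FailedChecks  = @($failed)
    }
}

# Constructed sample resembling a device whose registration has not completed.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
                AzureAdPrt : NO
                    NgcSet : NO
            IsDeviceJoined : YES
             IsUserAzureAD : NO
             PolicyEnabled : YES
            DeviceEligible : YES
        SessionIsNotRemote : YES
              PreReqResult : WillNotProvision
'@ -split "`r?`n"

Get-WhfbReadiness -StatusText $sample | Format-List

# On an affected machine, run as the signed-in user:
# Get-WhfbReadiness -StatusText (dsregcmd /status) | Format-List
```

Run it in the user's session rather than an elevated or SYSTEM context, since the PRT and prerequisite fields describe the signed-in user.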