I have a few users with Azure AD/M 365 accounts.
I want to set up Windows Hello for Business for their Windows 10 machines. I am using Windows 10 Pro VMs on VMware to test. They are updated to 20H2.
I am trying to follow this:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy
Every time I joined the machines to Azure AD, it would not give me the option to set up Windows Hello for Business.
There's no on-prem AD service, just Azure AD.
Windows Hello for Business is enabled here:
https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/windowsEnrollment
The users are on Microsoft 365 Business Premium, which should include Intune and Azure AD Premium P1 licenses.
Just to be complete, I am doing this as a requirement to deploy Azure Virtual Desktop with Azure AD login and MFA as shown here https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows. I have finished all the rest of the requirements and the user can log in using Azure AD login without MFA right now (when I turn off Conditional Access for Azure Windows VM Login).
Any suggestions?




