I have enabled the GPO to bring up the Windows Hello for Business enrollment at user logon and it works fine.
However, we have a lot of remote workers that log on 'offline' then connect to the domain over VPN.
I'm looking for a way to invoke the WHfB enrollment process via a script which I will run post VPN connection. I'm struggling to find a way to launch the UWP app (CloudExperienceHost) that controls the enrollment.
I've found the related protocol (ms-cxh:) but it just launches a blank screen, so I assume it needs some arguments.
I've seen a few PS scripts that talk about launching from the shell: protocol, but I can't get these to work as they are more focused on standard user apps.
It should be possible 'in-session' as we get an occasional random toast notification which will kick off the process. Triggering that would be fine as well.