Windows Hello for Business Features

Applies to:

  • Windows 10

Consider these additional features you can use after your organization deploys Windows Hello for Business.

Conditional access

Azure Active Directory provides a wide set of options for protecting access to corporate resources. Conditional access provides more fine grained control over who can access certain resources and under what conditions. For more information see Conditional Access.

Dynamic lock

Dynamic lock uses a paired Bluetooth device to determine user presence and locks the device if a user is not present. For more information and configuration steps see Dynamic Lock.

PIN reset

Windows Hello for Business supports user self-management of their PIN. If a user forgets their PIN, they have the ability to reset it from Settings or the lock screen. The Microsoft PIN reset service can be used for completing this reset without the user needing to enroll a new Windows Hello for Business credential. For more information and configuration steps see Pin Reset.

Dual Enrollment

This feature enables provisioning of administrator Windows Hello for Business credentials that can be used by non-privileged accounts to perform administrative actions. These credentials can be used from the non-privileged accounts using Run as different user or Run as administrator. For more information and configuration steps see Dual Enrollment.

Remote Desktop

Users with Windows Hello for Business certificate trust can use their credential to authenticate to remote desktop sessions over RDP. When authenticating to the session, biometric gestures can be used if they are enrolled. For more information and configuration steps see Remote Desktop.