Enable security keys for Windows sign-in
We need to enable the the security keys as a sign-in option for our Windows 10 devices in Microsoft Intune. In Intune this can be done by enabling this as part of a tenant wide Windows Hello for Business (WHfB) setting or by deploying an Identity Protection configuration policy.
Using this first option is a tenant wide setting for all users.
Open a browser to sign-in to the Microsoft Intune portal.
- Sign-in to the Device Management Portal
- Browse to Devices – Windows – Windows Enrollment
- Click Windows Hello for Business
- Set Configre Windows Hello for Business to Enabled
- Set Use Security keys for sign-in to Enabled
- Click Save
The same can be accomplished by using an Identity Protection configuration policy. The advantage of using a configuration policy is you can assign it to a group of users instead of all users.
- Browse to Devices – Windows – Configuration profiles
- Click Create profile
- Give the policy a Name
- Enter a Description (optional)
- Choose Windows 10 and later as Platform
- Choose Identity protection as Profile type
- On the Settings tab set Use security keys for sign-in to Enable
- Click OK
- Click Create
- Click Assignments to assign the policy to the security group of choice
