Short link for this page: utwente.nl/windowshello
UT USES WINDOWS HELLO FOR BUSINESS ON WINDOWS 11 Compatiple DEVICES TO SECURELY LOG IN.
Windows Hello for Business applies advanced biometric technologies, such as facial recognition and fingerprint scanners, to verify your identity without requiring a password. This offers several benefits:
- Enhanced Security: Windows Hello provides a more secure login method than traditional passwords. Instead of a password, which can be vulnerable to phishing, Windows Hello for Business uses biometric data and Microsoft Cloud Trust to verify your identity. This means your biometric data is stored locally on your device and is never shared or transmitted.
- Easy Access: With Windows Hello, you no longer need to enter passwords to sign in to Windows. You can log in quickly and easily with a PIN, a smile, or a fingerprint. Of course, it also remains possible to log in with your username and password.
- Time-Saving: Windows Hello's fast and seamless authentication allows you to log in to your device more quickly.
The wizard to set up Windows Hello for Business will be activated automatically on all LISA managed Windows 11 compatible devices. The next time you restart your device, the wizard will ask you to activate Windows Hello for Business.
This reference video guide gives a short summary on how to activate Windows Hello for Business: with face recognition, fingerprint or pin code.
FAQ
- Why don't I see the Windows Hello wizard?
The wizard will only appear once the policy has been activated on your device. it might take some time (up to 8 hours). If you have been using your device for a few days after June 19 and still do not see the wizard after restarting: it could mean that the computer is not compatible, not LISA managed, a special device or Windows may not be compatible yet. Please contact the service desk to verify this.
This answers my question.Thank you for your feedback - How is it possible that a 6-digit pin code is more secure than a 14-character password?
Your PIN, smile, or fingerprint only opens the secure vault on your computer where half of the key is stored, which never leaves the device. The other half of the key is securely stored online by Microsoft in your account. Together, these two keys provide access to your device, websites, and files. Even if someone manages to obtain your PIN through phishing, it can only be used on your device and not, unlike a regular password, from another location. Additionally, if you use your face or fingerprint, the chance of someone being able to observe your PIN is eliminated.
More technical explanation
Windows Hello for Business provides a significantly more secure method for logging in than traditional passwords, even those with 14 characters. Traditional passwords are vulnerable to cyberattacks, including phishing, brute force attacks, and credential stuffing. In contrast, Windows Hello for Business enhances security by using biometric authentication and Microsoft Cloud Trust to verify a user’s identity. An asymmetrical key pair is created: one key is stored on the device, and the other is held by the identity provider. Access is granted only when these keys are combined. Therefore, these keys are used to access the device, not the PIN itself. A 6-digit PIN can be more secure than a 14-character password because the PIN is tied to the specific device and cannot be used elsewhere. Additionally, the PIN is just one part of a multi-factor authentication process that includes the device and biometrics, significantly reducing the attack surface compared to traditional passwords. The asymmetrical key pair adds another layer of security, ensuring that the PIN alone is insufficient without the corresponding device and biometric verification.This answers my question.Thank you for your feedback - I forgot my PIN / How can I reset or change Windows Hello for Business PIN?
Navigate to Settings > Accounts > Sign-in options > PIN (Windows Hello) > I forgot my PIN, or when you know your PIN but you want to change the PIN, choose Change PIN.
This answers my question.Thank you for your feedback - Can I still log in with my username and password after Windows Hello activation?
Yes, in the sign-in screen, you can also choose to sign in with your password in the sign-in options. The video shows the different sign-in options. Click on the key icon if you want to sign in with your password.
This answers my question.Thank you for your feedback - What if I no longer want Windows Hello for Business?
Contact our servicedesk. They will ensure that the policy is disabled on the device and that a Windows Hello Removal Tool application becomes available in the Company Portal, which can be used to completely disable Windows Hello on the device.
This answers my question.Thank you for your feedback - How can I activate Windows Hello special devices or lab PCs?
Windows Hello for Business will not be activated on specials known to LISA, such as lab PCs, measurement systems and lecture room PCs. If there is a situation where Windows Hello for Business needs to be activated on such a PC, please contact the Service desk for assistance.
This answers my question.Thank you for your feedback - What if my device doesn't have a compatible webcam for face recognition?
You can purchase a compatible device from the Self Service Portal or setup a 6-digit pin code. For this, see the products marked with: Windows Hello. Discuss this first with your budget responsible.
This answers my question.Thank you for your feedback - How do I modify my sign-in options?
Easily adjust them in Settings > Accounts > Sign-in options.
This answers my question.Thank you for your feedback - How can I navigate through the wizard?
See the video in the section above.
This answers my question.Thank you for your feedback - Is Windows Hello for Business secure?
Yes, it offers enhanced security with phish-resistant two-factor authentication and built-in brute force protection. Learn more on the Microsoft website.
This answers my question.Thank you for your feedback - Are my biometric data shared with third parties?
No, biometric data like fingerprints or facial recognition remains on your device and isn't transmitted or shared with Microsoft or other parties.
This answers my question.Thank you for your feedback - What if I have a device without a camera or fingerprint scanner?
You'll go through a wizard to set up a PIN code instead. If you'd like to use biometric login features, you can purchase a supported webcam or fingerprint scanner from the Self Service Portal.
This answers my question.Thank you for your feedback - Will this work when I'm working at home (remotely)?
You can complete the wizard at home, but biometric logins might not be possible the first time until you connect to the VPN. (This generally applies only to AD-managed computers.) If you are off-campus after provisioning and receive a message that login is not possible when attempting to log in for the first time using PIN, FACE, or Fingerprint, resolve this by:
- Select in logon screen sign-in options;
- Choose password (Key icon);
- Logging in with your username and password;
- Start EduVPN;
- Lock your computer (Windows key + L);
- Unlock your computer and choose a preferred sign-in option PIN, FACE, or Fingerprint;
- Windows Hello for Business is now fully configured.
This only applies to the first login; subsequent logins with PIN, FACE, or Fingerprint will be possible without a VPN connection, just like with your traditional password.
This answers my question.Thank you for your feedback - My laptop appears to have a fingerprint scanner, but it's not functional.
If the wizard doesn't allow you to set up the fingerprint, it's likely that the hardware isn't compatible. Often, what may appear to be a scanner is just a cover or a similar feature without the actual fingerprint scanning capability.
This answers my question.Thank you for your feedback - How many users can enroll for Windows Hello for Business on a single Windows device?
The maximum number of supported enrollments on a single device is 10. Which means 10 users may setup face recognition and/or there fingerprint to access the device. For devices with more than 10 users it's recommended the use of FIDO2 security keys.
This answers my question.Thank you for your feedback - Can I enroll local Windows accounts in Windows Hello for Business?
Windows Hello for Business is not designed to work with local accounts.
This answers my question.Thank you for your feedback - Can I use an external camera?
You can use an external Windows Hello compatible camera if a device has an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication.
This answers my question.Thank you for your feedback
More Microsoft FAQ about Windows Hello for Business
Contact
Visit us: 8.30 - 17.00 on weekdays (location)
Call us: 8.00 - 17.30 on weekdays
To support you on the phone, we may ask you to open Teamviewer. The application has already been installed on UT Windows computers. For other devices, you may need to download Teamviewer.