Enable Windows Hello on Domain Machines – How to Guide

active-directory, group-policy, windows

My goal is to allow users to use Windows Hello on their computers which are connected to the domain. It doesn't have to be Hello for Business. At the moment users can't even see the Windows Hello section in the sign-in settings.

We are using hybrid AD, and I've tried many combinations of settings in group policy. Right now I have these options enabled:

  • Turn on convenience PIN sign-in (in Logon settings)
  • Use Windows Hello for Business (in Hello for Business settings)
  • Use biometrics (in Hello for Business settings)
  • Use a hardware security device (in Hello for Business settings)
  • Allow the use of biometrics (in Biometrics settings)
  • Allow users to log on using biometrics (in Biometrics settings)
  • Allow domain users to log on using biometrics (in Biometrics settings)

After disconnecting the machine from the domain, Windows Hello appears and works alright. The machine is running Windows 10 Enterprise, version 2004.

What else can I try to allow users to use Windows Hello (PIN, fingerprint, facial recognition)?

Best Answer

After setting all Windows Hello for Business settings in group policy to Not Configured and syncing AD, everything started to work: Windows Hello is visible, can be configured, and works like a charm.
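
To confirm on a client which of the settings listed in the question are still being applied after a policy refresh, the following added example (not part of the original question or answer) reads the policy registry values behind them. The registry paths and value names are assumptions: they are the usual ADMX-backed locations for these settings and are not given on this page.

```powershell
# Added example: report the policy registry values behind the GPO settings
# named in the question. Paths and value names are assumed (standard ADMX
# locations), not taken from the page. Run after 'gpupdate /force'.
$whfb = 'SOFTWARE\Policies\Microsoft\PassportForWork'
$bio  = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'

$checks = @(
    @{ Setting = 'Turn on convenience PIN sign-in'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'; Name = 'AllowDomainPINLogon' },
    @{ Setting = 'Use Windows Hello for Business (computer)'
       Path = "HKLM:\$whfb"; Name = 'Enabled' },
    @{ Setting = 'Use Windows Hello for Business (user)'
       Path = "HKCU:\$whfb"; Name = 'Enabled' },
    @{ Setting = 'Use a hardware security device'
       Path = "HKLM:\$whfb"; Name = 'RequireSecurityDevice' },
    @{ Setting = 'Allow the use of biometrics'
       Path = $bio; Name = 'Enabled' },
    @{ Setting = 'Allow users to log on using biometrics'
       Path = "$bio\Credential Provider"; Name = 'Enabled' },
    @{ Setting = 'Allow domain users to log on using biometrics'
       Path = "$bio\Credential Provider"; Name = 'Domain Accounts' }
)

$report = foreach ($c in $checks) {
    $value = $null
    if (Test-Path -LiteralPath $c.Path) {
        # A missing value means the setting is Not Configured for this scope.
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.($c.Name) }
    }
    [pscustomobject]@{
        Setting = $c.Setting
        State   = if ($null -eq $value) { 'Not configured' }
                  elseif ($value -eq 1) { 'Enabled (1)' }
                  else                  { "Disabled ($value)" }
        Key     = "$($c.Path)\$($c.Name)"
    }
}

$report | Format-Table -AutoSize -Wrap
```

If a Hello for Business value still shows as set after the GPO was changed to Not Configured, `gpresult /h report.html` shows which GPO is still delivering it.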