This step by step tutorial will show you how to configure Windows Hello for Business and ensure it does not conflict with your configurations in the Intune / Endpoint Manager security baseline.
This is Part 2 of a 5 part series
=======================================================================
Welcome to part 2 of my five part series of tutorials taking you step by step on how to configure Microsoft Endpoint Manager / Intune focusing on the essential security configurations.
5. Utilize dedicated Intune admin accounts rather than Global Admin accounts - Link
=========================================================================
2. Configure Windows Hello for Business
Introduction to Windows Hello for Business - Link
Microsoft implemented Windows Hello for Business, a new credential in Windows 10, to help increase security when accessing corporate resources. In Windows 10, this feature offers a streamlined user sign-in experience—it replaces passwords with strong two-factor authentication by combining an enrolled device with a PIN or bio-metric user input for sign in.
=========================================================================
Configure and apply Windows Hello for Business
Endpoint Manager - Devices - Enroll Devices -
In the General section - Select - Windows Hello for Business
By default, this will be assigned to All Users and this cannot be altered.
Use the drop down box to select - Enabled
The Windows Hello for Business options will be enabled.
Configure as per the business needs, but ensure this matches your configuration in your Security Baseline to ensure you have no conflicts.
Below shows the default configurations that I will be updating to match my Security Baseline config.
Updated config to match my Security Baseline.
Save
========================================================================
Check out all my tutorials - Link
Highlights include -
13 part series on how to perform the initial Tenant and Intune Configuration - Link
1. Configure DNS and CNAME
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming
3. Enable Conditional Access and MFA (Multi factor authentication)
4. Configure Conditional Access Terms of Use
5. Company Terms and Conditions
6. User and Device Groups, and Device Categories
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment
7a. More information regarding options for configuring the MDM and MAM user scopes
8. Enrollment Status Page
9. Enrollment Restrictions
10. Deploying Microsoft 365 apps (Office apps)
11. Enable Microsoft Store for Business and publish the Company Portal app
12. Assign Company Portal app
13. Test autopilot via register online
===============================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/
GitHub Repository - https://github.com/TeamTerry
No comments:
Post a Comment