I recently created an Intune policy for Windows Hello for Business and I'm testing it on myself and one of my Chicago users who's always good for tech. The more I use it, the more I like it.
It allows a user to create a PIN for unlocking their laptop and then depending on the laptop – fingerprint unlock, face scan unlock and Bluetooth-with-your-phone unlock. I had to wrap my head around the concept of the "asynchronous" unlock (credentials are solely on the laptop – usually in the TPM chip) vs "synchronous" unlock (password is stored on the laptop and the cloud). With Microsoft saying that Windows Hello for Business - asynchronous - is more secure.
Thoughts on this? I'm going to offer it as an option to staff who want to try it. Curious as to whether orgs require it as the sole method or use fancy security cards. Anyone else playing with this?
------------------------------
Adam Kuhn
Director, IT
202-772-3002
akuhn@fia.org------------------------------