Windows Hello for Business

identity

Microsoft enterprise credential that replaces passwords with strong two-factor authentication using biometrics or PIN.

What is Windows Hello for Business?

Windows Hello for Business uses asymmetric key pairs or certificates for authentication. The private key never leaves the device and is protected by the Trusted Platform Module (TPM). Users authenticate locally using a PIN or biometric, which unlocks the key for use. This provides phishing-resistant, passwordless authentication for both device sign-in and cloud applications.

In Microsoft 365

Windows Hello for Business integrates with Azure AD/Entra ID for cloud authentication and with on-premises Active Directory for hybrid scenarios. It supports both key trust and certificate trust deployment models and can be enforced through Conditional Access authentication strength.

Examples

  • 1Facial recognition login
  • 2Fingerprint authentication
  • 3TPM-protected PIN
  • 4Iris scanning

Related TrueConfig Controls

These controls help implement and verify windows hello for business in your Microsoft 365 environment.

PA-05Require Phishing-Resistant MFA for AdminsPA-06Require FIDO2 Security Keys for AdministratorsID-04Require Phishing-Resistant MFA for All Users

Frequently Asked Questions

What is Windows Hello for Business?
Microsoft enterprise credential that replaces passwords with strong two-factor authentication using biometrics or PIN.
How does Windows Hello for Business work in Microsoft 365?
Windows Hello for Business integrates with Azure AD/Entra ID for cloud authentication and with on-premises Active Directory for hybrid scenarios. It supports both key trust and certificate trust deployment models and can be enforced through Conditional Access authentication strength.
What are examples of Windows Hello for Business?
Examples of Windows Hello for Business include: Facial recognition login, Fingerprint authentication, TPM-protected PIN, Iris scanning.
Which TrueConfig controls relate to Windows Hello for Business?
TrueConfig controls related to Windows Hello for Business include: PA-05, PA-06, ID-04. These controls help implement and verify windows hello for business in your environment.

Related Terms

FIDO2

An open authentication standard that enables passwordless authentication using public key cryptography.

Passkey

A FIDO2 credential that can be synced across devices, enabling passwordless authentication without hardware tokens.

← Back to GlossaryBrowse Controls →