Windows Hello for Business is a private/public key or certificate-based authentication approach for organizations and it is the first jump onto the journey to a password less world. I have been using and deploying Windows Hello for Business since the first version of Windows, it is nice and easy if you have a device with build-in capabilities – but if you don’t have that a USB device like YubiKey is away of getting that working.

I’m starting to test YubiKey with Windows Hello and it is a nice and easy experience. First you need to get the YubiKey – find the right key for your needs https://www.yubico.com/quiz/

This is tested on a AzureAD joined device where Windows Hello is default enabled on all devices.

To configure your Yubikey on the devices you need a app – the best way to deploy it is with a Enterprise tool like Intune or Configuration Manager with integration to Microsoft Store for Business.

Next you you need to find the YubiKey for Windows Hello app in the Microsoft Store for Business for mass deployment or Microsoft Store for personal use.
In my case I get the app from the Business Store https://aka.ms/msfb
Find the YubiKey for Windows Hello app and click “Get the app”

Windows Hallo - Yubikey - 01

Then click Close

Windows Hallo - Yubikey - 02

Find YubiKey for Windows Hello app in Intune under client apps – apps

Windows Hallo - Yubikey - 04

Create the assignment for the user group that need the app.

Windows Hallo - Yubikey - 05

And now your end user is ready to use the key for Windows Hello.

What is the end user expirence:

The end user need to put in the Yubikey in the USB port on the Windows 10 device.

Windows will automatic recounice the Yubikey

Windows Hallo - Yubikey - 09

The end user have tot start the YubiKey for Windows Hello apps

Click register

Windows Hallo - Yubikey - 10

The end user will be promted to insert the key in the USB port – if the key is already is in the USB port then just

Click continue

Windows Hallo - Yubikey - 11

Give the Yubiket a frendly name

Click Continue

Windows Hallo - Yubikey - 12

Then you will be promted to authenticate your identity

Click continue

Windows Hallo - Yubikey - 13

Select OK

Windows Hallo - Yubikey - 14

And now you are ready to use the Yubikey as a factor in your Windows Hello login

Windows Hallo - Yubikey - 15

Now you are ready to login to your device with using password.

 

Happy testing 🙂

Read more:

How to start a pilot on Windows Hello with Intune