Windows Hello for Business is a private/public key or certificate-based authentication approach for organizations and it is the first jump onto the journey to a password less world. I have been using and deploying Windows Hello for Business since the first version of Windows, it is nice and easy if you have a device with build-in capabilities – but if you don’t have that a USB device like YubiKey is away of getting that working.
I’m starting to test YubiKey with Windows Hello and it is a nice and easy experience. First you need to get the YubiKey – find the right key for your needs https://www.yubico.com/quiz/
This is tested on a AzureAD joined device where Windows Hello is default enabled on all devices.
To configure your Yubikey on the devices you need a app – the best way to deploy it is with a Enterprise tool like Intune or Configuration Manager with integration to Microsoft Store for Business.
Next you you need to find the YubiKey for Windows Hello app in the Microsoft Store for Business for mass deployment or Microsoft Store for personal use.
In my case I get the app from the Business Store https://aka.ms/msfb
Find the YubiKey for Windows Hello app and click “Get the app”
Then click Close
Find YubiKey for Windows Hello app in Intune under client apps – apps
Create the assignment for the user group that need the app.
And now your end user is ready to use the key for Windows Hello.
What is the end user expirence:
The end user need to put in the Yubikey in the USB port on the Windows 10 device.
Windows will automatic recounice the Yubikey
The end user have tot start the YubiKey for Windows Hello apps
The end user will be promted to insert the key in the USB port – if the key is already is in the USB port then just
Give the Yubiket a frendly name
Then you will be promted to authenticate your identity
And now you are ready to use the Yubikey as a factor in your Windows Hello login
Now you are ready to login to your device with using password.
Happy testing 🙂