Windows hello for business enrollment not working on FIDO keys


justlooking4hel

justlooking4hel

New member
Local time
10:32 AM
Posts
1
OS
Windows 11
Have an issue where I can't get the enrollment for WHFB to work unless users log in with a password.

We are a hybrid environment - AD and Entra joined. TAP is not an option as you have to be entra only.

We have Yubikeys setup to work as an alternate login source which is linked with ENTRA ID. This works and users can sign in using these keys. The goal is passwordless with WHFB.

However when logging in using the Yubikeys - it will never prompt for registration to WHFB. I have to log out and log in with a password in order for that to happen.....

Has anyone got that to work?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell
That's way above my paygrade and I don't understand a word of it but welcome to the forum. Hopefully one of the ones that work in IT can help you.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External drives 512gb Samsung m.2 sata+1tb Kingston m2.nvme+ 4gb Solidigm nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
This is by design. It prevents an attacker from gaining access to a system with a single factor and then registering their own key. Hence you need to use a different factor such as password, pin, smart card to register
 

My Computer

System One

  • OS
    Linux Mint
    Computer type
    Laptop
    Manufacturer/Model
    System76 Lemur Pro
neemobeer said:
This is by design. It prevents an attacker from gaining access to a system with a single factor and then registering their own key. Hence you need to use a different factor such as password, pin, smart card to register
Click to expand...
Yup. It ain't 2fa if you only need one method of entry.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built
    CPU
    Ryzen 7 5700 X3D
    Motherboard
    MSI MPG B550 GAMING PLUS
    Memory
    64 GB DDR4 3600mhz Gskill Ripjaws V
    Graphics Card(s)
    RTX 4070 Super , 12GB VRAM Asus EVO Overclock
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Hard Drives
    2TB Samsung nvme ssd
    2TB XPG nvme ssd
    PSU
    CORSAIR RMx SHIFT Series™ RM750x 80 PLUS Gold Fully Modular ATX Power Supply
    Case
    CORSAIR 3500X ARGB Mid-Tower ATX PC Case – Black
    Cooling
    ID-COOLING FROSTFLOW X 240 CPU Water Cooler
    Internet Speed
    900mbps DOWN, 100mbps UP
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
You must log in or register to reply here.

Similar threads

  • Article Article
Important changes to the Windows 11 MDM enrollment experience coming soon
Replies
1
Views
1K
garlin
G
Solved Windows Hello for Business is a passwordless experience for users.
Replies
6
Views
2K
antspants
antspants
  • Article Article
Passwordless RDP with Windows Hello for Business
Replies
0
Views
981
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom