Windows Office Hours: December 19, 2024
Event Ended
Thursday, Dec 19, 2024, 08:00 AM PST
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Heather_Poulsen
Updated Nov 19, 2024
jenniferwatson1
Copper Contributor
Dec 19, 2024
We have hybrid joined AAD devices and are starting to roll out Windows Hello for Business. Is there a recommended way to remove the ability to log in with Windows Hello in case we need to block a user from accessing a device in the future? From what we understand, it can only be done with Intune if App Management loads have been moved to Intune, which we are a long way from being able to do.
EricMoe
Microsoft
Dec 19, 2024
If a user account has been disabled, once they attempt a logon when there is a connection to the cloud, they should be blocked from logging in. That said, we do have an Intune policy, defined here: "ADMX_CredentialProviders Policy CSP | Microsoft Learn", that can be used to disable a specific credential provider. Provider GUIDs are defined here: "Multi-factor unlock | Microsoft Learn".
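A check for whether the credential provider exclusion described in the reply above has actually reached a device, as an added example that is not part of the original thread and not Microsoft's own code. It assumes the policy lands in the `ExcludedCredentialProviders` registry value under `HKLM\SOFTWARE\Policies\Microsoft\Windows\System` and that providers are registered under the `Authentication\Credential Providers` key; the function names are illustrative.

```powershell
# Added example: list registered credential providers and whether policy excludes them.
# Assumption: the exclusion policy is stored as a comma-separated CLSID list in the value below.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$providerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

function Get-ExcludedProviderGuids {
    $raw = (Get-ItemProperty -Path $policyKey -Name ExcludedCredentialProviders `
                -ErrorAction SilentlyContinue).ExcludedCredentialProviders
    if ([string]::IsNullOrWhiteSpace($raw)) { return @() }
    # Normalise: strip braces and whitespace, compare in upper case.
    return @($raw -split ',' |
        ForEach-Object { $_.Trim().Trim('{}').ToUpperInvariant() } |
        Where-Object { $_ })
}

function Get-CredentialProviderStatus {
    $excluded   = @(Get-ExcludedProviderGuids)
    $registered = @()
    foreach ($key in Get-ChildItem -Path $providerKey) {
        $guid = $key.PSChildName.Trim('{}').ToUpperInvariant()
        $registered += $guid
        [pscustomobject]@{
            Guid       = "{$guid}"
            Name       = $key.GetValue('')      # default value holds the provider's name
            Registered = $true
            Excluded   = $excluded -contains $guid
        }
    }
    # Edge case: a GUID in the policy that matches no registered provider
    # (for example a typo) excludes nothing, so surface it explicitly.
    foreach ($guid in $excluded | Where-Object { $registered -notcontains $_ }) {
        [pscustomobject]@{
            Guid       = "{$guid}"
            Name       = '(not a registered provider)'
            Registered = $false
            Excluded   = $true
        }
    }
}

Get-CredentialProviderStatus |
    Sort-Object @{ Expression = 'Excluded'; Descending = $true }, Name |
    Format-Table -AutoSize
```

Run it in an elevated session on a test device after the policy syncs; rows with `Registered` set to `False` point at a GUID in the policy that does not correspond to any installed provider.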
- Jays2Cents4Free
Copper Contributor
Dec 19, 2024
EricMoe speaking of credential providers, is there a way to block the password option on Windows login screen, but still allow passwords in the UAC prompt for admins to use domain admin credentials and select users that are allowed local administrator access with LAPS?