After installing Single-session OS VDA, Windows Hello for Business cannot be disabled via Intune.
Article ID: CTX617055
Updated On:
Description
After installing Single-session OS VDA 2209 or 2203 LTSR CU2 (or later), Windows Hello for Business can no longer be disabled via Microsoft Intune.
Resolution
To allow Microsoft Intune to manage Windows Hello for Business settings, delete the registry value HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\Enabled.
Problem Cause
After installing Single-session OS VDA 2209 or 2203 LTSR CU2 (or later), the registry value HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\Enabled is set to 1, which takes precedence over the Microsoft Intune policy.
Was this article helpful?
Yes
No
Powered by
