Requirements per Windows Hello for Business Deployment Type

Microsoft Passwordless with Windows Hello for Business

Windows Hello for Business is awesome technology that allows for multi-factor authenticated sign-in on Windows 10 devices.


About Windows Hello for Business

In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

Windows Hello addresses the following problems with passwords:

  • Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
  • Server breaches can expose symmetric network credentials (passwords).
  • Passwords are subject to replay attacks.
  • Users can inadvertently expose their passwords due to phishing attacks.



There are five deployment types for Windows Hello for Business. Microsoft has described them in detail in the Windows Hello for Business Deployment Guide.

However, one of the pieces of documentation that I feel is missing from the deployment guide is an overview of the requirements per Windows Hello for Business deployment type.

The table below shows the requirements per Windows Hello for Business deployment type:

Azure AD Join - Certificate Trust - Key Trust - Azure AD Connect - NDES - Windows Server 2016 Domain Controllers - MFA - Device Registration service - Windows 10 1703 - Microsoft Intune
