HOWTO: Delete your Windows Hello for Business Registrations

Microsoft Passwordless with Windows Hello for Business

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices.

When you’ve got it working the way you want it to work, it’ll work flawlessly. But, there are situation where you can’t get it to work the way you want, it stops working the way you want, or you simply want to switch between the Windows Hello for Business deployment models.

In that case, you’ll want to delete your Windows Hello for Business registration.

Note:
Make sure to allow for one or more FIDO2 Security Keys to the account, when you require the use of Windows Hello for Business to sign in. In this case, signing in with merely the password won’t suffice.

To achieve that, run the following line of code in a Command Prompt (cmd.exe) window, while signed in with the user account of the person you want to delete the Windows Hello For Business registration for:

certutil.exe -DeleteHelloContainer

Afterwards, sign out to complete the action:

logoff.exe

 

The above two commands together, will delete all Windows Hello for Business registrations that are local to the Windows 10 device, including Windows Hello Face, Windows Hello Fingerprint and Windows Hello PIN. However, it will not remove the Security Key sign-in method, because this registration lives in Azure AD, not on the device.

After signing in successfully after deletion of the Windows Hello for Business registration, new methods can be set up for the account from Sign-in Options in the Windows Settings app.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.