Windows Hello for Business not activating

  • Thread starter Muhammad Shiraz AlamKhan

I have a Hybrid Azure AD environment in my company. We have chosen the Windows Hello for Business key trust model and carefully followed the following guide:


Configure Hybrid Windows Hello for Business key trust Settings - Microsoft 365 Security


Let me also give some details about our environment:

  • Windows Server 2019 DC
  • Azure Active Directory with Endpoint Manager
  • Windows 10 Pro 20H2
  • Intune Policy for Windows Hello for Business


Still now we have no prompt for activating PIN or biometric by Windows Hello for Business! After checking the event log (Event Viewer > Applications and Services Logs\Microsoft\Windows\User Device Registration\Admin), I found these event IDs:


359:

Windows Hello for Business provisioning has encountered an error during policy evaluation.

ExitCode: The system cannot find the file specified.

Method: DmIsNgcCertPayloadReceived

See What's new in Active Directory Federation Services for Windows Server 2016 for more details


360:

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ ): Yes

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: Yes

Windows Hello for Business post-logon provisioning is enabled: Yes

Local computer meets Windows hello for business hardware requirements: Yes

User is not connected to the machine via Remote Desktop: Yes

User certificate for on premise auth policy is enabled: Yes

Machine is governed by mobile device management policy.

See What's new in Active Directory Federation Services for Windows Server 2016 for more details.


361:

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ ): Yes

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: Yes

Windows Hello for Business post-logon provisioning is enabled: Yes

Local computer meets Windows hello for business hardware requirements: Yes

User is not connected to the machine via Remote Desktop: Yes

User certificate for on premise auth policy is enabled: Yes

MDM user certificate enrollment is ready: Error

Certificate enrollment method: mobile device management

See What's new in Active Directory Federation Services for Windows Server 2016 for more details


362:

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ ): Yes

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: Yes

Windows Hello for Business post-logon provisioning is enabled: Yes

Local computer meets Windows hello for business hardware requirements: Yes

User is not connected to the machine via Remote Desktop: Yes

User certificate for on premise auth policy is enabled: Yes

Enterprise user logon certificate enrollment endpoint is ready: Not Tested

Enterprise user logon certificate template is : Not Tested

User has successfully authenticated to the enterprise STS: Not Tested

Certificate enrollment method: mobile device management

See What's new in Active Directory Federation Services for Windows Server 2016 for more details.
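
A triage helper for the events quoted above, added here as an example and not part of the original post: it splits a provisioning event message into its prerequisite lines and lists the ones whose value is not `Yes`. The function name `Get-WhfbPrerequisiteStatus` is made up for this example, and the sample text is event 361 as quoted in the post.

```powershell
# Added example (not from the original post). Get-WhfbPrerequisiteStatus is a
# hypothetical helper name; the sample text is event 361 as quoted in the post.
function Get-WhfbPrerequisiteStatus {
    param([Parameter(Mandatory)][string]$Message)

    foreach ($raw in ($Message -split '\r?\n')) {
        $line = $raw.Trim()
        # Prerequisite lines look like "<check>: <value>"; anything else is skipped.
        if ($line -notmatch '^(?<check>.+?)\s*:\s*(?<value>[^:]+)$') { continue }

        # Copy the captures now: switch -Regex below overwrites $Matches.
        $check = $Matches['check'].Trim()
        $value = $Matches['value'].Trim().TrimEnd('.')

        $state = switch -Regex ($value) {
            '^Yes$'        { 'Pass' }
            '^(No|Error)$' { 'Fail' }
            '^Not Tested$' { 'NotTested' }
            default        { 'Info' }   # e.g. the enrollment method line
        }
        [pscustomobject]@{ Check = $check; Value = $value; State = $state }
    }
}

$sample = @'
Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Yes
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Yes
Windows Hello for Business post-logon provisioning is enabled: Yes
Local computer meets Windows hello for business hardware requirements: Yes
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Yes
MDM user certificate enrollment is ready: Error
Certificate enrollment method: mobile device management
'@

# Show only the lines that did not pass.
Get-WhfbPrerequisiteStatus -Message $sample |
    Where-Object State -ne 'Pass' |
    Format-Table -AutoSize

# On the affected machine, read the events from the log instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-User Device Registration/Admin'; Id = 360, 361, 362 } -MaxEvents 5 |
#     ForEach-Object { Get-WhfbPrerequisiteStatus -Message $_.Message }
```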

