This article explains how to configure Windows 10 multi-factor device unlock using Windows Hello and trusted signals via Microsoft Endpoint Manager, including step-by-step instructions to create and assign a configuration profile.
You can use the Windows 10 multi-factor device unlock feature by extending Windows Hello with trusted signals. This lets you configure Windows 10 to request a combination of factors (fingerprint, PIN, etc.) and trusted signals to unlock the device.
Web sign-in is not yet a supported multi-factor device unlock capability.
Open the Microsoft Endpoint Manager admin center portal and navigate to Devices > Windows > Configuration profiles
On the Windows | Configuration profiles blade, click Create profile
On the Create a profile blade, provide the following information and click Create
Platform: Select Windows 10 and later to create a profile for Windows 10 devices
Profile: Select Settings catalog to select the required setting from the catalog
On the Basics page, provide the following information and click Next
Name: Provide a name for the profile to distinguish it from other similar profiles
Description: (Optional) Provide a description for the profile to further differentiate profiles
Platform: (Greyed out) Windows 10 and later
On the Configuration settings page, as shown below in Figure 1, perform the following actions
Click Add settings and perform the following in Settings picker
Select Authentication as category
Select Enable Web Sign In as setting
Set Enable Web Sign In to "Enabled. Web Sign-in will be enabled for signing in to Windows" and click Next
On the Scope tags page, configure the required scope tags and click Next
On the Assignments page, configure the assignment and click Next
On the Review + create page, verify the configuration and click Create
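To confirm on an assigned device that the profile created above was actually delivered, the following check reads the Enable Web Sign In policy value locally. It is an added example, not part of the original article; the registry location and the 0/1/2 value meanings are assumptions based on how the Policy CSP (Authentication/EnableWebSignIn) stores MDM settings, and the function name is hypothetical.

```powershell
# Added example: verify on a managed device that Enable Web Sign In was delivered.
# Assumption: MDM Policy CSP values are stored under this registry path.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication'
$valueName  = 'EnableWebSignIn'

# Assumed value meanings for Authentication/EnableWebSignIn.
$meaning = @{
    0 = 'Not configured (edition default)'
    1 = 'Enabled'
    2 = 'Disabled'
}

# Hypothetical helper: returns the delivered state of the setting.
function Get-WebSignInPolicyState {
    param(
        [string]$Path = $policyPath,
        [string]$Name = $valueName
    )

    # No Authentication policy area at all: nothing from this category has arrived.
    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Applied = $false; Value = $null; State = 'No Authentication policy area on this device' }
    }

    # The area exists but this particular setting may not have synced yet.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Applied = $false; Value = $null; State = 'Setting not delivered yet' }
    }

    $value = [int]$item.$Name
    $state = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { "Unexpected value $value" }
    [pscustomobject]@{ Applied = ($value -eq 1); Value = $value; State = $state }
}

$result = Get-WebSignInPolicyState
$result | Format-List

# Non-zero exit code when the setting is not enabled, so the check can be scripted.
if (-not $result.Applied) { exit 1 }
```

Run it in an elevated PowerShell session after the device has synced with Microsoft Endpoint Manager.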