Entra ID Devices with WHFB configured

Question

Hi All,

For Entra ID Devices with WHFB configured, when you’re using RDP, by default it’s trying to use the WHFB for authentication.
Is there a way to force the RDP console to have the Lg/User interface instead ?
Posted by  Hafedh Guiga in HTMD FB Group

 

entra - HTMD Forum - Welcome to the world of Device Management! This is community build by Device Management Admins for Device Management Admins❤️ Ask your questions!! We are here to help you! - Entra ID Devices with WHFB configured

Answers ( 2 )

    0
    2024-05-27T16:14:35+05:30

    Replied by Sanjay Mittal

    Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
    Locate the setting “Require user authentication for remote connections by using Network Level Authentication” and ensure it is set to Enabled.

    Replied by Sanjay Mittal

    HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem
    Create or modify the DWORD value “BlockDomainCreds”:
    Set it to 0 to allow domain credentials via RDP.

    Replied by Hafedh Guiga

    Sanjay Mittal i can’t do that, we’re using WHFB for authentication. It should stay activated

    Replied by Doug Johnson

    Sanjay Mittal not helpful. You’re telling him to disable windows hello for business lol

    0
    2024-05-27T16:11:48+05:30

    Fore More Details Free Entra Training Videos | Start Learning Entra ID Azure AD
    https://www.anoopcnair.com/free-entra-training-videos-start-learning-entra-id/

    Replied by Sanjay Mittal

    You can use Group Policy settings or configure specific RDP settings.

    Replied by Hafedh Guiga

    Sanjay Mittal No GPO, it’s an Entra ID device, and which setting ?

    Replied by Sanjay Mittal

    Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business
    Look for a policy setting called “Use Windows Hello for Business” or “Use biometrics”.
    Set this policy to Disabled.

Leave an answer

Sorry, you do not have permission to answer to this question .