Skip to main content

For IT Leads

Windows Hello for Business (WHfB) in your OU

Step 1: Enable WHfB by applying Group Policy

From Group Policy Management, link “Common_Enable Windows Hello for Business-Cloud Trust-Opt-In” policy to the desired OU. Note: WHfB is limited to 10 user enrollments on a single device, therefore it is not recommended for OUs with public computers in them (labs, kiosks, etc.).

If you have any questions about how to do this, please submit a Service Now request to ITS-Managed Desktop Services (MDS). An MDS team member will be in touch to provide assistance.

Step 2: Enable WHfB on the specific device

To complete the process of enabling Windows Hello for Business on a device, the following steps must be completed on that device.

Off-campus devices

  1. Log in to the campus VPN and remain connected to VPN for at least 3 consecutive hours before going to the next step. This will ensure that the security policy enabling WHfB enrollment is applied to your computer.
  2. Restart your computer.
  3. Follow these Enrollment Steps.
  4. Before signing into your computer, connect to the campus VPN.
    • From the Windows login screen, click the Connect Before Logon icon in the bottom right corner to the VPN before signing into your computer.
  5. Once you are connected to the VPN, you can sign into your computer with the PIN or fingerprint you set up during enrollment.

On-campus devices

  1. Restart your computer.
  2. Follow these Enrollment Steps.

More information

Visit the Windows Hello for Business page at help.unc.edu.