Pre-Requisite | Windows 10, version 1511 or later
Azure Active Directory | Microsoft Authenticator app
Phone (iOS and Android devices running Android
6.0 or above) | Windows 10, version 1809 or later
Azure Active Directory |
Mode | Platform | Software | Hardware |
Systems and devices | PC with a built-in Trusted
Platform Module (TPM)
PIN and biometrics recognition | PIN and biometrics recognition on phone | FIDO2 security devices that are Microsoft compatible |
User experience | Sign in using a PIN or biometric recognition
(Facial, iris, or fingerprint) with Windows devices.
Windows Hello
authentication is tied to the device; the user needs both the device and a sign-in component such as a PIN or biometric factor to access corporate resources. | Sign in using a mobile
phone with fingerprint scan, facial or iris recognition, or PIN.
Users sign in to work or personal account from their PC or mobile phone. | Sign in using FIDO2 security device (biometrics, PIN, and NFC).
User can access device based on organization controls and authenticate based on PIN, biometrics using devices such as USB security keys and NFCenabled smartcards, keys, or wearables. |
Enabled scenarios | Password-less experience with Windows device.
Applicable for dedicated work PC with ability for single sign-on to device and applications. | Password-less anywhere solution using mobile phone.
Applicable for accessing work or personal applications on the web from any device. | Password-less experience for workers using biometrics, PIN, and NFC.
Applicable for shared PCs and where a mobile phone is not a viable option (such as for help desk personnel, public kiosk, or hospital team). |