Policy

Configure enhanced anti-spoofing

Microsoft Windows

Back to Facial FeaturesBack to main
Configure enhanced anti-spoofing
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Biometrics > Facial Features
Supported on
At least Windows Server 2016 or Windows 10

Supported OS tags: Windows10, WindowsServer2016

This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.

Internal name
Face_EnhancedAntiSpoofing
Policy ID
51ba8956d6e3
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures
Value name
EnhancedAntiSpoofing
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures
Value name
EnhancedAntiSpoofing
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.