Policy

Use certificate for on-premises authentication

Microsoft Windows

Back to Windows Hello for BusinessBack to main
Use certificate for on-premises authentication
Jump to overview

Policy overview

Key metadata and intent for this policy.

Category
Windows Components > Windows Hello for Business
Supported on
At least Windows 10

Supported OS tags: Windows10, Windows10RT

Use this policy setting to configure Windows Hello for Business to enroll a sign-in certificate used for on-premises authentication. If you enable this policy setting, Windows Hello for Business enrolls a sign-in certificate that is used for on-premises authentication. If you disable or do not configure this policy setting, Windows Hello for Business will use a key or a Kerberos ticket (depending on other policy settings) for on-premises authentication. NOTE: Disabling or not configuring this policy setting and enabling the "Use Windows Hello for Business" policy setting requires the environment to have one or more Windows Server 2016 domain controllers to prevent Windows Hello for Business authentication from failing.

Internal name
WHFB_UseCertificateForOnPremAuth
Policy ID
ec0b5a538d61
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Path
SOFTWARE\Policies\Microsoft\PassportForWork
Value name
UseCertificateForOnPremAuth
REG_DWORD
HKLM
1
HKCU
1
HKLM
0
HKCU
0
Registry location
Type REG_DWORD · Both
Path
SOFTWARE\Policies\Microsoft\PassportForWork
Value name
UseCertificateForOnPremAuth
Hive
HKLM
Enabled value
1
Disabled value
0
Hive
HKCU
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.