Policy

Use Windows Hello for Business certificates as smart card certificates

Microsoft Windows

Back to Windows Hello for BusinessBack to main
Use Windows Hello for Business certificates as smart card certificates
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Windows Hello for Business
Supported on
At least Windows 10

Supported OS tags: Windows10, Windows10RT

If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates. If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. This policy setting is incompatible with Windows Hello for Business credentials provisioned when the "Turn off smart card emulation" is enabled. Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in.

Internal name
MSPassport_UseHelloCertificatesAsSmartCardCertificates
Policy ID
35bf49616e6f
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\PassportForWork
Value name
UseHelloCertificatesAsSmartCardCertificates
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\PassportForWork
Value name
UseHelloCertificatesAsSmartCardCertificates
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.