Policy

Configure enhanced anti-spoofing

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Biometrics > Facial Features
Supported onAt least Windows Server 2016 or Windows 10

Supported OS tags: Windows10, WindowsServer2016

This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.

Internal name
Face_EnhancedAntiSpoofing
Policy ID
51ba8956d6e3
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofingREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.