With Windows 10 version 1809, also known as Windows 10 October 2018 Update you can use biometrics to authenticate to a remote desktop session, as long as Windows Hello for Business are allowed and configured with both Azure Active Directory and Active Directory users.
Windows will automatically prompt you for biometrics when you’re creating a remote desktop session to a etc. Windows 2016 Server if you have logged in to your own computer using Windows Hello for Business.
Do you also use shared PCs in your organization?
Within Build 17713 for Windows 10, you have the availability to use “Fast Sign-in,” which let the users sign in to a shared Windows 10 PC in a flash!
It only takes a few minutes to setup – so why not give it a try?
How to enable Fast Sign-in
- Set up a shared or guest PC with Windows 10
- Set the following policy to enable Fast Sign in (Policy CSP/Authentication/EnableFastFirstSignIn)
- With the policy enabled, sign-in to a shared PC with your account and notice the difference!
With the latest update to Intune, it is now possible to requiring a non-biometric PIN after an specified timeout, which improve the security for Mobile Application Management (MAM) enabled apps.
This settings affect users who rely on Touch ID (iOS), Face ID (iOS), Android Biometric, or other future biometric authentication methods to access their MAM-enabled applications.
These settings enable Intune admins to have more granular control over user access, eliminating cases where a device with multiple fingerprints or other biometric access methods can reveal corporate data to an incorrect user.
To enable the new feature, go to the Microsoft 365 Device Management portal -> Client apps -> App protection policies -> Create policy OR Change an existing policy -> Settings -> Access requirements