Explore Biometrics – Deploy and upgrade operating systems
Explore Biometrics
Biometrics, such as a fingerprint, provide a more secure (and often more convenient) way for both the user and the administrator to be identified and verified. Windows 10 includes native support for biometrics through the Windows Biometric Framework (WBF), and when used as part of a multifactor authentication plan, biometrics are increasingly replacing passwords in modern workplaces.
Biometric information is obtained from the individual and stored as a biometric sample, which is then securely saved in a template and mapped to a specific user. To capture a person’s fingerprint, you use a fingerprint reader (you “enroll” the user when configuring this). Also, you can use a person’s face, retina, or even the user’s voice. The Windows Biometric service can be extended to also include behavioral traits, such as the gait of a user while walking or the user’s typing rhythm.
Windows includes several Group Policy settings related to biometrics, as shown in Figure 1-16, that you can use to allow or block the use of biometrics on your devices. You can find these Group Policy settings here: Computer Configuration > Administrative Templates > Windows Components > Biometrics.

Figure 1-16 Biometrics Group Policy settings
Azure MFA
Azure MFA provides organizations with a highly scalable two-step verification solution, which can be used to safeguard access to data and applications and provide users with a simple sign-in process.
There are several methods you can use to enable Azure MFA:
- Enabled by conditional access policy: Conditional access policy is available for Azure MFA in the cloud if you have Azure AD premium licensing. It requires Azure AD P1 or P2 licensing.
- Enabled by Azure AD Identity Protection: This method uses an Azure AD Identity Protection risk policy to enforce two-step verification for sign-in to all cloud applications. It requires Azure AD P2 licensing.
- Enabled by changing user state: This is the traditional method for requiring two-step verification. An administrator can configure Azure MFA so that users must perform two-step verification every time they sign in, and it overrides conditional access policies.
When enabling Azure MFA, users are required to configure their preferred authentication methods using the registration portal at https://aka.ms/mfasetup, as shown in Figure 1-17.

Figure 1-17 Configuring additional settings for security verification