How to Enable or Disable Users to use Companion Device to Sign in to Windows 10
Users can use a Windows Hello companion device, such as a phone, fitness band, or IoT device, to sign in to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.
There are numerous ways one can use the Windows Hello companion device framework to build a great Windows unlock experience with a companion device. For example, users could:
- Attach their companion device to PC via USB, touch the button on the companion device, and automatically unlock their PC.
- Carry a phone in their pocket that is already paired with PC over Bluetooth. Upon hitting the spacebar on their PC, their phone receives a notification. Approve it and the PC simply unlocks.
- Tap their companion device to an NFC reader to quickly unlock their PC.
- Wear a fitness band that has already authenticated the wearer. Upon approaching PC, and by performing a special gesture (like clapping), the PC unlocks.
This tutorial will show you how to enable or disable the ability to sign in using a Windows Hello companion device for all users in Windows 10.
You must be signed in as an administrator to enable or disable the ability to sign in using a Windows Hello companion device.
- Option One: Enable or Disable Users to use Companion Device to Sign in to Windows 10 using Local Group Policy Editor
- Option Two: Enable or Disable Users to use Companion Device to Sign in to Windows 10 using a REG file
The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option Two below.
1. Open the Local Group Policy Editor.
2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\Microsoft Secondary Authentication Factor
3. In the right pane of Microsoft Secondary Authentication Factor in Local Group Policy Editor, double click/tap on the Allow companion device for secondary authentication policy to edit it. (see screenshot above)
4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.
A) Select (dot) Not Configured or Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)
7. When finished, you can close the Local Group Policy Editor.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SecondaryAuthenticationFactor
AllowSecondaryAuthenticationDevice DWORD
(delete) = Enable
0 = Disable
1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Enable_sign_in_with_companion_device.reg
Download
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Disable_sign_in_with_companion_device.reg
Download
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. When prompted, click/tap on Run, OK (UAC), Yes, and OK to approve the merge.
That's it,
Shawn
Related Tutorials
- How to Sign in to Windows 10
- How to Enable or Disable Domain Users to Sign in to Windows 10 using Biometrics
- How to Enable or Disable Users to Sign in to Windows 10 using Biometrics
Enable or Disable Sign in to Windows 10 using Companion Device
Enable or Disable Sign in to Windows 10 using Companion Device
How to Enable or Disable Users to use Companion Device to Sign in to Windows 10Published by Shawn BrinkCategory: User Accounts
19 Feb 2019
Tutorial Categories
Related Discussions
