Windows Hello for Business

Windows Hello for Business (WHfB) is the Microsoft passwordless authentication method that binds a user's identity to a specific Windows device. The credential is a key pair generated on the device — backed by the TPM where present — unlocked by biometrics (face, fingerprint) or a device PIN. Authentication is phishing-resistant (the signed challenge can't be relayed) and works for sign-in to Windows, Entra ID, and federated apps. Deployed via Intune configuration profiles or Group Policy. Often the first passwordless method organisations deploy because it's already on every modern Windows device — just turn it on.