This article covers how to disable Windows Hello mechanisms so that users are not prompted to set up Windows Hello when enrolling in Okta Verify.
- Okta Identity Engine (OIE)
- Windows Operating Systems: 10, 11
- Okta Verify
- The Okta Solution is disabling User Verification globally.
- Consult Microsoft before implementing the Microsoft Solution. The admin assumes all responsibility for vetting the following information before implementation for specific functionality in their OS.
- The options for the OS include a Group Policy modification or a Registry modification, as per the Microsoft Answers question on the subject.
Method 1: Using Group policy settings
If using Windows 10 Pro edition, it's possible to change the group policy settings to disable the PIN sign-in option for all users.
- Open the Run dialog box by pressing the Windows key and the R key together.
- Type GPEDIT.MSC and hit the Enter key.
- Go to Computer Configuration > Administrative Templates > System > Logon.
- On the right side, double-click on Turn on convenience PIN sign-in and select Disabled.
- Similarly, disable any other Windows Hello options.
- Exit the Group policy editor and reboot the computer.
If biometrics are available on the system, disabling them will also effectively "disable" the Windows Hello prompt on Okta Verify (OV) enrollment.
- Open the Run dialog box by pressing the Windows key and the R key together.
- Type GPEDIT.MSC and hit the Enter key.
- Go to Computer Configuration > Administrative Templates > Windows Components > Biometrics.
- On the right side, double-click on Allow the use of Biometrics and select Disabled.
- Similarly, disable the other Windows Hello options if any.
- Exit the Group policy editor and reboot the computer.
Method 2: Disabling Windows Hello in Registry
If setting Group policy does not work, sign-in options can be disabled in the registry, which should deactivate Windows Hello options for all user accounts.
NOTE: The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on the computer. Windows often reads and updates the information in the registry.
Normally, software programs make registry changes automatically. Unnecessary changes to the registry should be avoided. Changing registry files incorrectly can cause Windows to stop working or make Windows report the wrong information.
Please take a backup of the registry. Follow the steps given in the link below:
How to back up and restore the registry in Windows
- Open the Run dialog box by pressing the Windows key and the R key together.
- Type Regedit and hit the Enter key.
- When the Registry Editor opens, navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions.
- In the right pane, double-click on the DWORD entry named value and set it to 0.
The above method will disable Windows Hello for all user accounts. (To re-enable it, change the DWORD entry value back to 1.)
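The registry steps above, scripted in PowerShell as an added example (not from Okta or Microsoft): it exports the key before changing it, then sets and verifies the value. The parameter names and the backup directory are assumptions; the key path and the `value` entry are the ones named in the steps.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # 0 disables sign-in options, 1 re-enables them (values from the steps above)
    [ValidateRange(0, 1)][int]$Desired = 0,
    # Assumed backup location; change to suit your environment
    [string]$BackupDir = "$env:ProgramData\RegBackup"
)

$keyPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions'
$name    = 'value'

# A 32-bit host on 64-bit Windows is redirected to WOW6432Node under HKLM\SOFTWARE,
# so the script would read and write the wrong key.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run this from 64-bit PowerShell.'
}
if (-not (Test-Path -Path $keyPath)) {
    throw "Key not found: $keyPath. Nothing changed."
}

$current = (Get-ItemProperty -Path $keyPath -Name $name -ErrorAction Stop).$name
Write-Output "Current $name = $current"
if ($current -eq $Desired) {
    Write-Output 'Already at the desired value; no change made.'
    return
}

if ($PSCmdlet.ShouldProcess($keyPath, "Set $name to $Desired")) {
    # Export the key first so the previous state can be restored by importing the .reg file
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup  = Join-Path $BackupDir "AllowSignInOptions-$stamp.reg"
    $regPath = $keyPath -replace '^HKLM:', 'HKEY_LOCAL_MACHINE'
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; registry left unchanged.' }

    Set-ItemProperty -Path $keyPath -Name $name -Value $Desired -Type DWord

    # Read the value back rather than trusting the write
    $after = (Get-ItemProperty -Path $keyPath -Name $name).$name
    if ($after -ne $Desired) { throw "Verification failed: $name is $after." }
    Write-Output "Set $name to $Desired. Backup written to $backup"
}
```

Run it with `-WhatIf` first to see the pending change without writing anything; pass `-Desired 1` to re-enable sign-in options.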
Related References
- Enabling Windows Hello Setup Prompt when Registering Okta Verify
- External Link: Microsoft Answers question on the subject
- External Link: How to back up and restore the registry in Windows
