This article explains how to identify if the Windows Hello confirmation prompt is enabled for Okta Verify on a specific device. It also addresses current limitations regarding bulk auditing for this setting.

• Okta Identity Engine (OIE)
• Okta Verify
• Windows
• Okta FastPass

Windows Hello status for Okta Verify is identifiable on a per-device basis through the Okta Admin Console.

1. In the Admin Console, go to Directory > People.
2. Select the user to check.
3. Go to the Devices tab.
4. Select the specific Windows device to view its details.
5. In the Device signals section, locate the Lock screen attribute.

• • If the value is Enabled, a screen lock (such as Windows Hello PIN, Biometrics, or a password) is active on the device and used for Okta Verify confirmations.

NOTE: The Lock screen signal data only populates after the user performs at least one successful authentication using Okta FastPass from that device. If this field is empty for an enrolled device, instruct the user to sign in to an application using Okta FastPass.

Bulk Auditing

Currently, there is no API endpoint or scripting method available to query the Lock screen device signal in bulk across all devices in an organization. Devices must be checked individually.

Feature Enhancement Request

If a bulk export or API-based solution for this data is required, submit a feature request on the Okta Ideas portal. This allows the Engineering and Product teams to gauge customer demand and prioritize new features.