0D5KZ00000rsbp20AA | Okta Classic Engine | Authentication | Answered | 2025-06-12T07:04:50.000Z | 2025-05-29T05:31:19.000Z | 2025-06-12T07:04:50.000Z

YusukeE.33230 (Customer) asked a question.

How to Set Up Windows Hello for Business During Device Enrollment in an Okta Device Trust Environment

We are currently setting up Device Trust between Okta and Microsoft.

During Windows device enrollment, the Okta sign-in screen that appears is also subject to Device Trust, which prevents us from proceeding with the Windows Hello for Business setup.

 

It seems that Okta treats this sign-in screen as "Modern Authentication with a new device," which causes it not to fall under the Autopilot flow, thereby blocking Windows Hello configuration.

 

If anyone knows a good workaround or method to successfully set up Windows Hello in this kind of environment, your advice would be greatly appreciated. Thank you!

 



  • Hi @YusukeE.33230 (Customer), thank you for reaching out to the Okta Community!

    Based on my research, it might be possible to set up a dedicated Sign-on policy for Windows Autopilot leveraging client-specific authentication allowance, setting up a top-priority rule which specifies it applies for "Windows Autopilot". If you don't see "Windows Autopilot" as an option in your client list, you might need to enable the EA feature from Okta Admin Dashboard > Settings > Features > Windows Autopilot Enrollment Policy.

     

    That being said, I strongly recommend opening a case to work with the Support team to review your current configuration and discuss potential impact. 

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    • YusukeE.33230 (Customer)

      Thank you.

      I have already implemented Client is Autopilot with Authentication Policy using the relevant settings. However, the WHfB configuration screen does not recognize it as Autopilot; it recognizes it as New Device and ModernAuthentication.

This question is closed.