Posted in : Intune, Microsoft, Powershell, Windows By Tobias Sandberg Translate with Google ⟶

2 years ago



In some scenarios you might want to delete Windows Hello for Business sign-in information like PIN-code information for a specific user. With the following command that can be done if executed in user context.

certutil /deletehellocontainer

This can be useful if your on-premises environment cannot handle Windows Hello for Business sign-ins to authenticate the user (such as  Hyrbid Azure AD Key Trust) but you already have users out there in your organization using this functionality because you didn’t block the Windows Hello for Business settings.

The next time the user tries to log in, it will only be via password and not Windows Hello for Business.

So if you want to do this via Intune you can use this Powershell script and deploy it in user context.

If you have any questions, feel free to email me at or comment down below. I will try to answer you as soon as possible.

Tags : certutil, deletehellocontainer, Intune, Microsoft, Microsoft Intune, whfb, Windows 10, Windows 11, Windows Hello, Windows Hello for business, Windwos

Personlig rådgivning

Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.

Add comment

Your comment will be revised by the site if needed.