We have some users working from home who received new company laptops, but their external webcams that are compatible with Windows Hello for Business (WHFB) aren't working with these new devices. We've noticed that it seems necessary to lower the device's security settings, such as disabling virtualization technology in the BIOS, to make these external webcams functional. It's frustrating because if one component in the laptop supports enhanced sign-in security—like an integrated fingerprint scanner or camera—the whole device is locked into that security level. Also, the option to toggle Enhanced Sign-in Security is greyed out and can't be adjusted. We're using Dell Pro 14" laptops. Has anyone else experienced similar issues?
5 Answers
We've had this issue too! Instead of downgrading security, we just replaced the webcams. It’s not worth compromising device security for a peripheral, especially since users still have options like PINs and fingerprints for authentication. Facial recognition is nice, but security comes first!
By the way, which webcams are recommended to ensure compatibility with Enhanced Sign-in Security?
If you’re managing devices through Intune, try disabling ESS there. Keep in mind that you'll need to reset all Windows Hello methods afterward. It’s necessary to set new methods after disabling ESS to get WHFB working properly with compatible devices.
As others have said, it's best to manage ESS through MDM. Check out this link for detailed info on what changes might be necessary: [Link to Microsoft Docs]. You shouldn't need to fiddle with virtualization settings for this.
Make sure to check your Group Policy or Intune Settings Catalogue for the option "Enable ESS with Supported Peripherals." If it's enabled, that could be why your toggle is greyed out. It might be worth looking into that setting.
I don't think tweaks to BIOS are needed here. Follow the guidelines on that link and you should be fine without lowering the security.
I agree! Fingerprints can actually be more accurate, though it really depends on the device and manufacturer.