Yesterday, Microsoft published official guides on how to Save, Use and Manage Windows 11 Passkeys. Following that, today, the company has published a new guide related to passwordless sign-in.
The guide is available inside a new support document published by the company regarding Enhanced Sign-in Security or ESS. If you are not aware, ESS essentially provides an additional level of security to biometric data with the help of Virtualization-based Security (VBS) and TPM 2.0.
Windows Hello allows authentication via facial recognition, fingerprint recognition, as well as via PIN, and with the help of ESS the authentication is done securely. If you recall, when Windows 11 was first released, Microsoft had explained the benefits of security features like VBS and TPM 2.0.
Here's MIcrosoft's guide on how to configure ESS inside Windows 11 Settings is given below:
You can use the Settings app to configure ESS.
In the Settings app on your Windows device, select Accounts > Sign-in options or use the following shortcut:
Under Additional settings > Sign in with an external camera or fingerprint reader, there's a toggle that allows you to enable or disable ESS:
When the toggle is Off, ESS is enabled and you can't use external peripherals to sign in. Remember, you can still use external peripherals within apps like Teams
When the toggle is On, ESS is disabled and you can use Windows Hello compatible peripherals to sign in
Bear in mind though that ESS does require specially certified hardware. For example, Microsoft says that a face or fingerprint reader should have the “CM_DEVCAP_SECUREDEVICE” capability to support ESS. This can be found in the Details tab inside the device's property.
You can find the new support article Microsoft published here. You can also learn much more about it in this document here on Microsoft's official website. This guide was published by Microsoft simultaneously in addition to one about going passwordless using MSA.
11 Comments - Add comment