This topic applies to Windows 11 and Windows 10 devices that connect with IT and are supported on Azure Active Directory joined systems. Microsoft is now offering multiple ways to sign in to Windows 11/10 PC, making the experience much better. In this post, we are looking at three ways in which IT Pros can enable users to log in to the device.
New ways to Sign-in to Windows 11/10
While most of us are familiar with the usual ways to sign in to Windows 11/10, these are the three new ways to sign in to your Windows 11/10 computer system now:
- Web sign-in
- Faster sign-in
- Remote Desktop with Biometrics
Enable Web sign-in to Windows Device
Until now, Windows Logon supported the use of identities federated Active Directory Federation Services or other providers that support the WS-Fed protocol. Starting with Windows 10 v1809, Microsoft introduced Web Sign-in. This works or rather enables Windows logon support for non-ADFS federated providers.
If you have a Windows 11/10 PC, which is part of Azure AD Joined PCs, then you will have an extra icon on your Login screen that looks like a Globe. This gets enabled when the administrator or IT Pro enables Web Sign-in. The option is available in Policy CSP or the Policy Configuration Service Provider. You can find it under Policy CSP > Authentication > EnableWebSignIn.
So if your company has enabled this, you will have that extra sign-in option. Click on the Sign button, and then use the company credential to log in to the account.
Enable Faster sign-in to a Windows Shared PC
This feature ensures that users have a much faster experience when logging into a shared PC. Usually, signing in with your account on a shared PC takes a bit of time as it sets up the environment, etc., for you. Starting with Windows 10 v1809, Windows now offers Fast Sign-in, which enables users to sign in to a shared Windows PC in a flash.
A system admin has to enable this by using Policy CSP. This feature is available under Policy CSP > Authentication > EnableFastFirstSignIn.
Login to Remote Desktop with Biometrics
Windows Hello for Business users can now use Biometrics to authenticate a remote desktop. This means you don’t need a password, and your fingerprint and face are enough. This again works with Azure Active Directory and Active Directory
There is a catch. This works when you sign into a Windows 11/10 PC using Windows Hello for Business. So when you launch Remote Desktop Connection, type the computer’s name, and hit connect, Windows will automatically log in to that PC if you have the authorization. This works because Windows remembers how you signed in and automatically selects Windows Hello for Business to authenticate you to your RDP session. That said, it also works with a PIN if you choose so.
It is interesting to see how Microsoft is evolving IT pro’s options to meet business needs.
