6.4 Registering Devices to Microsoft Intune Mobile Device Management

Microsoft Intune Mobile Device Management (MDM) enables you to manage iOS, Android, and Windows devices securely.

Intune MDM lets you meet the following requirements:

  • Protect both corporate devices and users’ mobile devices.

  • Manage access to corporate data through corporate devices and users’ mobile devices.

  • Perform actions remotely on managed devices through the Intune portal, for example enforcing Conditional Access, locking a device, encrypting data, resetting a passcode, and wiping data from a stolen or lost device.

  • Enable Windows Hello for Business.

For more information, see What is Microsoft Intune.

Enabling Intune MDM

  1. Set up automatic hybrid Azure AD Join for Windows devices. See Setting Up Automatic Hybrid Azure AD Join for Windows Devices.

  2. Configure a group policy to trigger auto-enrollment to MDM for AD domain-joined devices.

    For instructions, see Enroll a Windows 10 device automatically using Group Policy.
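    A post-deployment check for the two steps above, added here as an example (not part of the original document or of Microsoft's documentation). It parses dsregcmd /status for the hybrid join and MDM enrollment state and reads the AutoEnrollMDM policy value that the auto-enrollment group policy writes; the registry path, value name and dsregcmd field names are assumptions from the editor's own knowledge, not taken from this page.

```powershell
# Added example (not from the original document). Run in an elevated PowerShell
# session on a Windows 10 device after the group policy has been applied.

function Get-DsregState {
    # dsregcmd /status prints "Key : Value" lines; collect them into a hashtable.
    # Non-greedy match up to the first colon keeps URLs (which contain colons) intact.
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\S[^:]*?)\s*:\s*(.*)$') {
            $state[$matches[1]] = $matches[2].Trim()
        }
    }
    return $state
}

function Test-IntuneEnrollmentPrerequisites {
    $ds = Get-DsregState
    $checks = [ordered]@{
        # Hybrid Azure AD join = domain joined AND Azure AD joined (assumed field names).
        'Domain joined'              = ($ds['DomainJoined']  -eq 'YES')
        'Azure AD joined (hybrid)'   = ($ds['AzureAdJoined'] -eq 'YES')
        # MdmUrl is populated once the device has enrolled with an MDM authority.
        'MDM enrollment URL present' = -not [string]::IsNullOrWhiteSpace($ds['MdmUrl'])
    }

    # Registry value written by the "Enable automatic MDM enrollment using default
    # Azure AD credentials" policy (path and value name are assumptions).
    $mdmPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $autoEnroll = (Get-ItemProperty -Path $mdmPolicy -Name AutoEnrollMDM `
                   -ErrorAction SilentlyContinue).AutoEnrollMDM
    $checks['Auto-enrollment GPO applied'] = ($autoEnroll -eq 1)

    foreach ($c in $checks.GetEnumerator()) {
        $status = if ($c.Value) { 'OK' } else { 'MISSING' }
        '{0,-30} {1}' -f $c.Key, $status
    }
    # Overall result: $true only when every prerequisite is satisfied.
    return -not ($checks.Values -contains $false)
}

Test-IntuneEnrollmentPrerequisites
```

    A MISSING line points at the step to revisit: the join checks correspond to step 1 above and the GPO check to step 2.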

Enabling Windows Hello for Business with Microsoft Intune

Windows Hello for Business lets you sign in to an AD or Azure AD account from a registered device using biometrics or a PIN.

For more information, see Windows Hello for Business.

To use this feature, the device must be managed by Intune MDM or be hybrid Azure AD joined (see Automatic Hybrid Azure AD Join for Windows Devices).

Perform the following steps to enable Windows Hello for Business:

  1. On the Intune Portal, click Device enrollment > Windows enrollment > Windows Hello for Business.

  2. Select Enabled.

  3. Configure settings based on your requirements. These settings are applied to all Windows 10 and Windows 10 Mobile devices.

    For information about various settings, see Create a Windows Hello for Business policy.

  4. Deploy Windows Hello for Business in a hybrid key trust scenario.

    For information about how to deploy it, see Hybrid Azure AD joined Key Trust Deployment.