This topic is applicable for Windows 11, Windows 10 v1809, and later devices which connect with IT, and are supported on Azure Active Directory joined systems. Microsoft is now offering multiple ways to sign in to Windows 11/10 PC and also making the experience much better. In this post, we are looking at three ways in which IT Pros can enable to let users log in to the device.
New ways to Sign-in to Windows 11/10
While most of us are familiar with the usual ways to sign in to Windows 1/110, these are the three new ways to sign in to your Windows 11/10 computer system now:
- Web sign-in
- Faster sign-in
- Remote Desktop with Biometrics
Enable Web sign-in to Windows Device
Until now, Windows Logon supported the use of identities which was federated Active Directory Federation Services or other providers that support the WS-Fed protocol. Starting with Windows 10 v1809, Microsoft has introduced — Web Sign-in. This works or rather enables Windows logon support for non-ADFS federated providers.
If you have a Windows 10 PC which is part of Azure AD Joined PCs, then you will have an extra icon on your Login screen which looks like a Globe. This gets enabled when the administrator or IT Pro enables Web Sign-in. The option is available in Policy CSP or the Policy configuration service provider. You can find it under Policy CSP > Authentication > EnableWebSignIn.
So if your company has enabled this, you will have that extra sign-in option. Click on the Sign button, and then use the company credential to log in to the account.
Enable Faster sign-in to a Windows Shared PC
This feature makes sure that when a user logs into a shared PC, the experience is much faster. Usually, when you sign-in with your account on a shared PC, it takes a bit of time as it sets up the environment, etc. for you. Start with Windows 10 v1809; Windows now offers Fast Sign-in,” which enables users to sign in to a shared Windows 10 PC in a flash (Claimed by Microsoft!)
A system admin has to enable this by using Policy CSP. This feature is available under Policy CSP > Authentication > EnableFastFirstSignIn.
Login to Remote Desktop with Biometrics
Users using Windows Hello for Business now can use Biometrics to authenticate a remote desktop. This means you don’t need to use any kind of password, and your fingerprint and face are enough. This again works with Azure Active Directory and Active Directory
There is a catch. This works when you sign into Windows 11/10 PC using Windows Hello for Business. So when you launch Remote Desktop Connection, type the name of the computer, and hit connect, Windows 10 will automatically login to that PC if you have the authorization. This works because Windows remembers how you signed in, and automatically selects Windows Hello for Business to authenticate you to your RDP session. That said, it also works with a PIN if you choose so.
It is interesting to see how Microsoft is evolving IT pros options to meet the business needs.