# Entra joined without hello This scenario applies to environments where Windows Hello for Business is intentionally disabled — kiosk terminals, shared machines, or simplified sign-in flows. Peig Web Sign-In is the primary authentication method, with TAP as a backup. ## Prerequisites * Device is Microsoft Entra Joined * Windows 10 or 11 Pro, Enterprise, or Education * Device is managed by Microsoft Intune * Peig is configured as the Web Sign-In identity provider {% stepper %} {% step %} ### Disable Windows Hello for Business 1. Go to **Intune admin center → Devices → Configuration profiles** 2. Click **+ Create profile** 3. Select **Platform: Windows 10 and later** and **Profile type: Settings catalog** 4. Name the profile (e.g. `Disable WHfB`) and click **Create** 5. In **Configuration settings**, click **+ Add settings** and search for `hello` 6. Add the following setting: | Setting | Value | | --------------------------------------- | -------- | | Use Windows Hello For Business (Device) | Disabled | 7. Assign the profile to your Entra Joined device group 8. Click **Create** {% hint style="info" %} This prevents the Windows Hello setup wizard from running during first sign-in. {% endhint %} {% endstep %} {% step %} ### Configure Peig Web Sign-In 1. Go to **Intune admin center → Devices → Configuration profiles** 2. Click **+ Create profile** 3. Select **Platform: Windows 10 and later** and **Profile type: Settings catalog** 4. Name the profile (e.g. `Enable Web Sign-In (Peig)`) 5. In the **Authentication** section, add the following settings: | Setting | Value | | ---------------------------------- | ---------------------- | | Enable Web Sign In | Enabled | | Enable Passwordless Experience | Enabled | | Configure Web Sign In Allowed URLs | `dev-integ.aducid.com` | 6. Assign to your Entra Joined device group and click **Create** #### User experience 1. On the lock screen, select **Sign-in options → Sign in with web account** 2. A QR code and URL appear 3. The user scans the QR code on their Peig-registered mobile device 4. Peig handles the full authentication flow 5. The Windows Hello setup wizard does not run {% endstep %} {% step %} ### Configure Temporary Access Pass (TAP) as backup TAP serves as a backup method when Web Sign-In is unavailable. #### Enable TAP in Entra ID 1. Go to [https://entra.microsoft.com](https://entra.microsoft.com/) 2. Navigate to **Microsoft Entra ID → Authentication methods → Temporary Access Pass** 3. Click **Enable** 4. Configure allowed duration and whether TAPs are one-time use #### Issue a TAP for a user 1. Go to **Users → \[select user] → Authentication methods** 2. Click **+ Add authentication method → Temporary Access Pass** 3. Set validity period and one-time use preference 4. Click **Add** and copy the generated code {% hint style="danger" %} The TAP code is shown only once. Copy it immediately and deliver it to the user securely. {% endhint %} #### User experience 1. On the lock screen, click **Sign-in options → Temporary Access Pass** 2. Enter the TAP code 3. Device authenticates via Microsoft Entra ID 4. The Windows Hello setup wizard does not run — it is disabled {% endstep %} {% endstepper %} {% hint style="success" %} Done? Return to [Entra Device Enrollment](/welcome-to-peig-documentation/deployment-guides/microsoft-365/entra-device-enrollment.md) or go back to [Scenario 1](/welcome-to-peig-documentation/deployment-guides/microsoft-365/entra-device-enrollment/entra-joined-with-hello.md) if you need Windows Hello for Business instead. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.peig.io/welcome-to-peig-documentation/deployment-guides/microsoft-365/entra-device-enrollment/entra-joined-without-hello.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.