Windows Hello for Business: 10-Wk Implementation


PwC's Windows Hello for Business solution enables integration with Azure to create a secure passwordless journey for your enterprise by rapidly deploying Windows Hello with a forward looking lens

Windows Hello for Business is a modern passwordless enabling technology for users to securely access their workstation devices, apps, online services and networks. It replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

PwC's Windows Hello for Business solution, coupled with Microsoft's technologies, delivers a modern approach to enable a secure, passwordless journey for your enterprise. Our solution enables Windows for Business to integrate with Azure Active Directory and on premise domain controllers depending on your deployment model and provides integration with Azure Multi-Factor Authentication for stronger security through a rapid pilot and rollout approach.

The team will first conduct a rapid pilot & provide guidance to your teams for a rollout plan and adoption for Windows Hello for Business technology, and then integrate the solution with the existing Enterprise infrastructure with your future state in mind. Weeks 1 through 3 - We help collect details pertaining to existing IT Infrastructure, Azure Licensing, and MFA needs and develop an approach for deployment and setup configurations for deployment. Weeks 4 through 9 - We assist in rolling out the pilot deployment and test with supported infrastructure, gather feedback from workforce (on-site & remote), Ops teams (new processes), and capture analytics and then expand capabilities piloted & build rollout plan. Week 10 - We work together to finalize the phased rollout plan for your organization.

Windows Hello for Business Differentiators

  • Can leverage specialized hardware to create key pairs that are unique per registered device
  • The private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account.