{"id":10031,"date":"2025-04-17T09:00:00","date_gmt":"2025-04-17T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10031"},"modified":"2025-12-08T08:49:26","modified_gmt":"2025-12-08T16:49:26","slug":"implementing-strong-user-authentication-with-windows-hello-for-business","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/","title":{"rendered":"Implementing strong user authentication with Windows Hello for Business"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Deploying Windows Hello for Business internally here at Microsoft has significantly increased our security when our employees and vendors access our corporate resources. This feature offers a streamlined user sign-in experience\u2014it replaces passwords with strong, phishing-resistant authentication by combining an enrolled device with a PIN or biometric user input for sign in.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Windows Hello was easy to implement within our existing identity infrastructure and is compatible for use within our remote access solution. We in Microsoft Digital, the company\u2019s IT organization, streamlined the deployment of this feature as an enterprise credential to improve our user sign-in experience and to increase the security of accessing corporate resources.<\/p>\n\n\n\n<aside class=\"wp-block-group aside-for-guide has-white-200-background-color has-background has-global-padding is-content-justification-right is-layout-constrained wp-container-core-group-is-layout-3f1abf08 wp-block-group-is-layout-constrained\" style=\"border-radius:10px;padding-top:var(--wp--preset--spacing--spacing-12);padding-right:var(--wp--preset--spacing--spacing-12);padding-bottom:var(--wp--preset--spacing--spacing-12);padding-left:var(--wp--preset--spacing--spacing-12)\">\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-298f84b7 wp-block-group-is-layout-flex\" style=\"margin-top:0;margin-bottom:0;padding-top:0;padding-bottom:0\">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"132\" height=\"132\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/10\/Engage-with-our-experts_blogs.png\" alt=\"\" class=\"wp-image-20636\" style=\"width:48px\"\/><\/figure>\n\n\n\n<p class=\"has-body-lg-font-size wp-block-paragraph\"><strong>Engage with our experts!<\/strong><\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-4)\">Customers or Microsoft account team representatives from Fortune 500 companies are welcome to <a href=\"mailto:msitstaff@microsoft.com\">request a virtual engagement<\/a> on this topic with experts from our Microsoft Digital team.<\/p>\n<\/aside>\n\n\n\n<p class=\"wp-block-paragraph\">Using this feature, users can authenticate to a Microsoft account, an Active Directory account, or a Microsoft Entra ID account (formerly known as a Microsoft Azure Active Directory account).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Windows Hello for Business feature is a public key or certificate-based authentication approach that goes beyond passwords. This form of authentication relies on key pairs that can replace passwords and are resistant to breaches, thefts, and phishing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Other benefits of this feature include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>It supports our Zero Trust security model<\/strong>. Emphasizes an identity-driven security solution by centering on securing user identity with strong authentication as well as eliminating passwords.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It uses existing infrastructure.<\/strong> We configured Windows Hello to support smart card-like scenarios by using a certificate-based deployment. Our security policies enforce secure access to corporate resources with phishing-resistant authentication, including smart cards and passkeys. Windows Hello biometric authentication is currently enabled, but optional for all users.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It uses a PIN.<\/strong> Replace passwords with stronger authentication. Users can now sign in to a device using a PIN that is backed by a trusted platform module (TPM) chip.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It provides easy certificate renewal.<\/strong> Certificate renewals automatically occur when a user signs in with their PIN before the lifetime threshold is reached.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It permits a single sign-in.<\/strong> After users sign in with their PIN, they have access to email, SharePoint sites, Microsoft 365, and business applications without being asked for credentials again.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It is compatible with remote access.<\/strong> When using Hello for Business, users can connect remotely using a Microsoft Digital VPN without the need for additional authentication.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>It supports Windows Hello.<\/strong> If users have compatible biometric hardware, they can set up biometrics sign-in to swipe their finger or take a quick look at the device camera. This is optional for all users.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Our deployment environment for the Windows Hello for Business feature includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Server:<\/strong> Microsoft Entra ID subscription and Microsoft Entra Connect to extend on-premises directory to Entra ID<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>For certificate enrollment:<\/strong> Active Directory Certificate Services (AD CS), Network Device Enrollment Service (NDES), and Microsoft Intune<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Client:<\/strong> Windows 10 or Windows 11 device with an initialized and owned TPM<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For more information about integrating on-premises identities with Microsoft Entra ID, see <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/hybrid\/whatis-hybrid-identity\" target=\"_blank\" rel=\"noreferrer noopener\">What is hybrid identity with Microsoft Entra ID?<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enrollment and setup<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Windows Hello for Business user enrollment steps vary, based on our deployed scenarios. For all scenarios, users will need to use another form of phishing-resistant authentication or a Temporary Access Pass to complete the enrollment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Windows Hello for Business feature supports the following enrollment scenarios:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>On-premises Active Directory hybrid domain\u2013joined devices.<\/strong> Users sign in with their domain account, the device is registered with Entra ID and scoped for Intune management, Intune policies are delivered and then the user creates a PIN.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Entra ID\u2013joined devices managed by Microsoft Intune.<\/strong> Users must enroll in device management through Microsoft Intune. After their device is enrolled and the policies are applied, the PIN credential provisioning process begins, and users receive the prompt to create their PIN.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Phishing-resistant authentication is required for PIN creation using one of the existing methods: smart card, passkey, or TAP (Temporary Access Pass).<\/li>\n\n\n\n<li class=\"wp-block-list-item\">A PIN that has at least six characters.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">A connection to the internet or Microsoft corporate network.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Physical architecture<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Our Windows hybrid domain<strong>\u2013<\/strong>joined devices were already synchronized with Entra ID through Microsoft Entra Connect, and we already had a public key infrastructure (PKI) in place. Already having a PKI reduced the amount of change required in our environment to enable the Windows Hello for Business feature.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To deploy user certificates based on Windows Hello keys, we used Intune, NDES, and AD CS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Server roles and services<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In our implementation, the following servers and roles worked together to enable Windows Hello as a corporate credential:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Entra ID subscription with Microsoft Entra Device Registration Service to register devices with Entra ID.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Intune is used to manage Hello for Business policies for all enrolled devices.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">PKI includes NDES servers (with Certificate Connector for Microsoft Intune) and certificate authorities (with smart card EKU\u2014enhanced key usage\u2014template), used for the issuance, renewal, and revocation of Windows Hello for Business certificates.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Hybrid domain<strong>\u2013<\/strong>joined service workflow<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The following workflow applies to any Windows 10 of Windows 11 computers joined to our AD DS domain.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Our hybrid domain<strong>\u2013<\/strong>joined devices are automatically registered with Entra ID via a group policy and enrolled in Intune management.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Intune Policies\u2014including Hello enablement, configuration, and NDES information\u2014are delivered to the device.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">During the next sign-in, the user is prompted to configure Windows Hello for Business, confirm their identity using phishing-resistant authentication, and create a PIN. A private key is created and registered in Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">On the next Intune sync, the device contacts the internet-facing NDES server using the URL from the Intune policy and provides the challenge response. The NDES server validates the challenge with the Certificate Connector for Microsoft Intune and receives a \u201ctrue\u201d or \u201cfalse\u201d to challenge verification.\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">If the challenge response is \u201ctrue,\u201d the NDES server communicates with the certificate authority (CA) to get a certificate for the device. Appropriate ports need to be open between the NDES server and the CA for this to happen.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"wp-block-list-item\">The NDES server delivers the certificate to the computer.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Entra ID<strong>\u2013<\/strong>joined service workflow<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">On device join, Intune pushes a device policy to Microsoft Entra ID devices that contains the Windows Hello for Business policies as well as the URL of the NDES server and the challenge generated by Intune.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">During the device join flow, the user is prompted to configure Hello for Business, confirm their identity using phishing-resistant authentication, and create a PIN. A private key is created and registered in Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">On the next Intune sync, the device contacts the internet-facing NDES server using the URL from the Intune policy and provides the challenge response. The NDES server validates the challenge with the Certificate Connector for Microsoft Intune and receives a \u201ctrue\u201d or \u201cfalse\u201d to challenge verification.\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">If the challenge response is \u201ctrue,\u201d the NDES server communicates with the certificate authority (CA) to get a certificate for the device. Appropriate ports need to be open between the NDES server and the CA for this to happen.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"wp-block-list-item\">The NDES server delivers the certificate to the computer.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Setting policies<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Windows Hello for Business policies for both hybrid domain<strong>\u2013<\/strong>joined and Entra ID<strong>\u2013<\/strong>joined Windows 10 and Windows 11 devices are managed by Intune. We also use these policies to define the complexity and length of the PIN that our users generate at registration and to control whether Windows Hello was enabled.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We chose to enable Hello for Business with a hardware-required option, which means that keys are generated on the TPM. Additionally, we chose to issue a certificate to all Hello for Business credentials to enhance the usability of the credential throughout the corporate infrastructure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Policy management<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We set the Windows Hello for Business policy settings with Intune in two different places. First, setting them via the Tenant Policy ensures that the policies are delivered during the device-enrollment flow. The Tenant Settings can be found in Microsoft Intune Manager Admin Center under <strong>Devices<\/strong> &gt; <strong>Windows<\/strong> &gt; <strong>Windows Enrollment <\/strong>&gt;<strong> Windows Hello for Business. <\/strong>However, Tenant Polices are only delivered one time on device join.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We also configure the settings using the Intune Settings Catalog to ensure that they are continuously enforced on all devices. This allows us to update the policies on devices that are already joined. In these policies, we have configured the following options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Enable Windows Hello for Business<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Require use of a Trusted Platform Module (TPM)<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Allow biometric authentication<\/li>\n\n\n\n<li class=\"wp-block-list-item\">PIN complexity:\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Minimum length: 6 characters<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Allow uppercase letters<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Allow lowercase letters<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Allow special characters<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For more details on these policy configuration options, <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/security\/identity-protection\/hello-for-business\/configure\" target=\"_blank\" rel=\"noreferrer noopener\">check out our documentation page on the Microsoft Learn site<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To enable the Windows Hello for Business certificate issuance, configure the certificate profile (<strong>Assets &amp; Compliance<\/strong> &gt; <strong>Compliance Settings<\/strong> &gt; <strong>Company Resource Access<\/strong> &gt; <strong>Certificate Profiles<\/strong>). Select a template that has smart card sign-in extended key usage. Note that to set the minimum key size set, this certificate template should be configured in the Simple Certificate Enrollment Protocol (SCEP) Enrollment page; then you can use the Windows Hello for Business and Certificate Properties page to set the minimum key size set to <strong>2048<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">User enrollment experience<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">All Windows 10 and Windows 11 devices in the Microsoft environment receive the Windows Hello for Business policies from Intune. For hybrid domain<strong>\u2013<\/strong>joined devices, these policies are delivered after device registration with the Entra ID tenant. For Entra ID<strong>\u2013<\/strong>joined devices, the policies are delivered as part of the device join flow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">PIN creation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">On hybrid domain<strong>\u2013<\/strong>joined devices, the user is prompted to create their Hello for Business PIN when they unlock or log into the device after the policy settings are applied and the prerequisites, such as TPM availability and state, are met.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Entra ID<strong>\u2013<\/strong>joined devices prompt the user to create their Hello for Business PIN during the device join workflow, assuming that the device meets all of the prerequisites.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Certificate enrollment process<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">After a PIN is successfully created, a certificate is automatically requested on behalf of the user during the next Intune policy sync operation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Certificate renewal behavior<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">We have configured PIN credential certificates to have a lifetime of 90 days from when they are issued. Renewals will happen approximately 30 days before they expire. When a user enters their Windows Hello for Business PIN within the 30 days prior to its expiration, a new certificate will be automatically provisioned on their device.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Certificate renewal is governed by Intune policies. The system checks for certificate lifetime percentage and compares it against the renewal threshold. If it\u2019s beyond the set threshold, a certificate renewal starts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Service management<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We manage identity as a service at Microsoft and are responsible for deciding when to bring in new types of credentials and when to phase out others. When we were considering adding the Windows Hello for Business feature, we had to figure out how to introduce the new credential to our users, and to explain to them why they should use it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Measuring service health<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019re in the process of creating end-to-end signals to measure the service health of Windows Hello for Business. For now, we\u2019re monitoring the performance and status of all our servers. We\u2019re also expanding the service, so adoption and usage numbers are very important metrics that demonstrate the success of our service. We also track the number and types of help desk issues that we see.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We use custom reports created from certificate servers and custom service metrics to collect prerequisites, and key and certificate issuance times for troubleshooting. Detailed reports about other aspects of the service can also be generated from Intune.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We configure a user\u2019s certificate to expire, and certificate renewals are issued with the same key. When necessary, the certificates can be revoked directly through Intune, which provides easier administration. Additionally, certificates are automatically revoked by the Intune service when a user or device is de-provisioned from the environment.<\/p>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge.png\" alt=\"\" class=\"wp-image-19493\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Key takeaways<\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Here are some tips for getting started with Windows Hello for Business at your company:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>OEM BIOS initialization instructions and TPM lockout policies are OEM-specific. <\/strong>We performed steps to identify and document the potential issues for each hardware provider. We also communicated to our users that clearing a TPM will cause their private key to not work in Windows Hello for Business.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Some of the common issues we saw with users creating their PINs could have been avoided with better communication.<\/strong> These issues include users not understanding the prerequisites, or the expected delays in onboarding scenarios. To help avoid this issue, we created a productivity guide to walk users through the steps.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Windows Hello for Business relies on several underlying services: Entra ID, Intune, NDES, and AD CS.<\/strong> All of these services need to be healthy and available.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Certificate issuance delays can be hard to troubleshoot,<\/strong> but monitoring the health and performance of the supporting services can help.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge.png\" alt=\"\" class=\"wp-image-19492\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Try it out<\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/security\/identity-protection\/hello-for-business\/?OCID=InsideTrack_Product_10733\" target=\"_blank\" rel=\"noreferrer noopener\">Explore Windows Hello for Business.<\/a><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge.png\" alt=\"\" class=\"wp-image-19491\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Related links<\/p>\n<\/div>\n\n\n\n<ul style=\"margin-top:var(--wp--preset--spacing--spacing-20)\" class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/keeping-our-in-house-optical-network-safe-with-a-zero-trust-mentality\/\">Learn how we keep our in-house optical network safe with a Zero Trust mentality.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/phishing-resistant-authentication-videos\" target=\"_blank\" rel=\"noreferrer noopener\">Read about phishing-resistant authentication in Microsoft Entra ID.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/\">Discover how we&#8217;re implementing a Zero Trust security model at Microsoft.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/improving-security-by-protecting-elevated-privilege-accounts-at-microsoft\/\">Explore improving security by protecting elevated-privilege accounts at Microsoft.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/hybrid\/whatis-hybrid-identity\" target=\"_blank\" rel=\"noreferrer noopener\">Unpack hybrid identity with Microsoft Entra ID. <\/a>&nbsp;<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge.png\" alt=\"\" class=\"wp-image-19490\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">We&#8217;d like to hear from you!<\/p>\n<\/div>\n\n\n\n<ul style=\"margin-top:var(--wp--preset--spacing--spacing-20)\" class=\"wp-block-list is-style-list-no-bullets\">\n<li class=\"wp-block-list-item\"><a href=\"mailto:msitstaff@microsoft.com\">Want more information? Email us and include a link to this story and we\u2019ll get back to you.<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Deploying Windows Hello for Business internally here at Microsoft has significantly increased our security when our employees and vendors access our corporate resources. This feature offers a streamlined user sign-in experience\u2014it replaces passwords with strong, phishing-resistant authentication by combining an enrolled device with a PIN or biometric user input for sign in. Windows Hello was [&hellip;]<\/p>\n","protected":false},"author":209,"featured_media":10033,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[199,89,597,115,423,848],"coauthors":[841],"class_list":["post-10031","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-ai","tag-digital-transformation","tag-employee-experience","tag-microsoft-azure","tag-modern-engineering","tag-security-and-risk-management","program-microsoft-digital-technical-stories","m-blog-post"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Implementing strong user authentication with Windows Hello for Business<\/title>\n<meta name=\"description\" content=\"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Implementing strong user authentication with Windows Hello for Business\" \/>\n<meta property=\"og:description\" content=\"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-17T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-08T16:49:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Hirning\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Hirning\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/\"},\"author\":{\"name\":\"David Hirning\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\"},\"headline\":\"Implementing strong user authentication with Windows Hello for Business\",\"datePublished\":\"2025-04-17T16:00:00+00:00\",\"dateModified\":\"2025-12-08T16:49:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/\"},\"wordCount\":2258,\"image\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2023\\\/04\\\/7117_hero.jpg\",\"keywords\":[\"AI\",\"digital transformation\",\"Employee experience\",\"Microsoft Azure\",\"Modern engineering\",\"Security and risk management\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/\",\"name\":\"Implementing strong user authentication with Windows Hello for Business\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2023\\\/04\\\/7117_hero.jpg\",\"datePublished\":\"2025-04-17T16:00:00+00:00\",\"dateModified\":\"2025-12-08T16:49:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\"},\"description\":\"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2023\\\/04\\\/7117_hero.jpg\",\"contentUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2023\\\/04\\\/7117_hero.jpg\",\"width\":1040,\"height\":585,\"caption\":\"We implemented Windows Hello for Business to help increase security when our employees and vendors access corporate resources.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-strong-user-authentication-with-windows-hello-for-business\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Implementing strong user authentication with Windows Hello for Business\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\",\"name\":\"David Hirning\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=gc7c1a3ec3eb99a661ac29f1f96fa7024\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g\",\"caption\":\"David Hirning\"},\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/author\\\/dhirning\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Implementing strong user authentication with Windows Hello for Business","description":"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/","og_locale":"en_US","og_type":"article","og_title":"Implementing strong user authentication with Windows Hello for Business","og_description":"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/","og_site_name":"Inside Track Blog","article_published_time":"2025-04-17T16:00:00+00:00","article_modified_time":"2025-12-08T16:49:26+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","type":"image\/jpeg"}],"author":"David Hirning","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Hirning","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/"},"author":{"name":"David Hirning","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20"},"headline":"Implementing strong user authentication with Windows Hello for Business","datePublished":"2025-04-17T16:00:00+00:00","dateModified":"2025-12-08T16:49:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/"},"wordCount":2258,"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","keywords":["AI","digital transformation","Employee experience","Microsoft Azure","Modern engineering","Security and risk management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/","name":"Implementing strong user authentication with Windows Hello for Business","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","datePublished":"2025-04-17T16:00:00+00:00","dateModified":"2025-12-08T16:49:26+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20"},"description":"Read how Windows Hello for Business helps us improve our network security for employees and vendors internally here at Microsoft.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","width":1040,"height":585,"caption":"We implemented Windows Hello for Business to help increase security when our employees and vendors access corporate resources."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Implementing strong user authentication with Windows Hello for Business"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20","name":"David Hirning","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=gc7c1a3ec3eb99a661ac29f1f96fa7024","url":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g","caption":"David Hirning"},"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/dhirning\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/04\/7117_hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2BN","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=10031"}],"version-history":[{"count":19,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10031\/revisions"}],"predecessor-version":[{"id":21375,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10031\/revisions\/21375"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/10033"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=10031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=10031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=10031"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=10031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}