Exam MS-101 topic 1 question 9 discussion

it's correct

The answer is A and B, there is the ref. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification

Correct answer is A & B

Answer is A and D. TPM Enabled Devices are now a requirement for Windows Enterprise: Since July 28, 2016, all new device models, lines, or series (or if you're updating the hardware configuration of an existing model, line, or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the Minimum hardware requirements page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see TPM and Windows Features.

The question seems to be incorrectly worded as from my understanding none of the listed answers are requirements for WHFB. Whilst in a hybrid deployment you would need AzureAD (In order for it to be hybrid) you wouldn't ever "Require" TPM, Smartcards or Intune despite it being possible to use all of them in the deployment of WHFB. "Required" would make me assume that it is mandatory regardless of the setup e.g. it is required you need a computer

At first I also answered incorrectly. Problem lies with the question itself... IGNORE the sentence "You are evaluating whether to deploy Windows Hello for Business" because none of the four answers are the WHfB requirements.... Pay attention only to "You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise.". If we apply this logic: B - because you plan to create Microsoft 365 tenant. A - because you plan to upgrade the devices to Windows 10 Enterprise (I think it is a modern way to upgrade Pro to Enterprise without sign out). SO the answers are correct? I'm really sad about this kind of questions from Microsoft :(

From the answers provided, TPM and smart cards are definitely NOT required. Intune isn't either, but it given as optional in the official documentation, so choosing that: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification

Correct answer is A & B

Windows Hello for Business definitely possible without TPM or Smart card https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations

I have set it up and we do not have intune, only ad connect and tpm for devices.

Required: Windows 10, version 1511 or later, or Windows 11 Microsoft Azure Account Azure Active Directory Azure AD Multifactor Authentication Optinoal: Modern Management (Intune or supported third-party MDM), optional Azure AD Premium subscription - optional, needed for automatic MDM enrollment when the device joins Azure Active Directory (from link provided by AniIT)

TPM definitely not required - I use WHFB on my desktop that does not have TPM and I login with a fingerprint reader (or pin). I think A and B is the correct answer because to enable Windows Hello for Business (N.B. not just Windows Hello which can be used on a standalone machine) you need to do this through intune. A user would have to have an account in an AAD tenant also

Answer is correct.

According to the literature neither TPM nor Intune is actually required. However I believe TPM is the better answer. However between the two TPM seems the better answer. The whole point is to use PIN/biometric as a mechanism to load the private key. While this key can be stored on the file system, the whole idea is for it to be stored on TPM. So I think AAD & TPM is correct.

I think the right answer is AAD/TPM. Microsoft state: Modern Management (Intune or supported third-party MDM), optional It's optional not a requirement. The device has to be AAD-joined. Smart cards solution has nothing to do with this. So the only option left is TPM.

A Trusted Platform Module (TPM) provides an additional layer of data security. If set to required, only devices with an accessible TPM can provision Windows Hello for Business. If set to preferred, devices attempt to use a TPM, but if not available will provision using software.

A and B. TPM is NOT a prerequisite for Hello for Business. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification