Configure enhanced anti-spoofing

This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication.

If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.

If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.

Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.


Supported on: At least Windows 10 Server or Windows 10
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures
Value NameEnhancedAntiSpoofing
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

biometrics.admx

Administrative Templates (Computers)

Administrative Templates (Users)