Allow companion device for secondary authentication

This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.

If you enable or do not configure this policy setting, users can authenticate to Windows Hello using a companion device.

If you disable this policy, users cannot use a companion device to authenticate with Windows Hello.


Supported on: At least Windows 10 Server, Windows 10 or Windows 10 RT
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\SecondaryAuthenticationFactor
Value NameAllowSecondaryAuthenticationDevice
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

devicecredential.admx

Administrative Templates (Computers)

Administrative Templates (Users)