Here's a brief description of how to improve the security of your Windows 10 logins at the same time as improving the user experience.
Combine Windows Hello for Business and custom URI settings to enable multi factor authentication for your users.
Windows Hello for Business can be enabled centrally using either Intune or Group Policy Object (GPO) configuration, this solution provides a secure and highly usable means of using biometrics such as facial or fingerprint recognition for your users to sign in.
Multi-factor authentication custom URIs deployed using Intune or GPO to your Windows 10 clients can be used to enforce your choice of first and second factors. Your choice of second factors should include a device i.e. the thing you hold or own, this can be something cool like a 'wearable' or smartphone.
Within the custom URI you can specify the type of 2nd factor device, it's communication channel and also the minimum signal strength which also related to the distance between the device and your laptop.
There are plenty of other settings you can enable such as dynamic locking to lock your device as you walk away and also different methods of recovering your login pin, the choice is broad. It's entirely possible to include IP related rules to trigger the second factor only when off premise.
So by combining the power of Windows Hello, Intune and multi-factor authentication you can dramatically increase security whilst making your users happier, not a common outcome!
This post briefly describes the security options available even in cloud only deployments, should you require our services to deploy this solution or even want to throw around some ideas, please let us know via LinkedIn or get in touch at: firstname.lastname@example.org or call us on 0161 2509310.
My LinkedIn profile is here: https://www.linkedin.com/in/jasonba4s/