How to Configure Dell Encryption Enterprise to Authenticate With Windows Hello

Summary: Learn step-by-step instructions to configure Windows Hello to work with Dell Encryption Enterprise.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

This article outlines how to configure Azure and the Dell Security Management Server or Dell Security Management Server Virtual to support Windows Hello Authentication. This configuration can be used with Dell Encryption Enterprise.

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual
  • Dell Encryption Enterprise

Affected Versions:

  • v11.0 and later

Affected Operating Systems:

  • Windows
  • Linux

Starting with Dell Encryption Enterprise version 11.0, Policy-Based Encryption clients can now activate with Windows Hello-based credentials. These include Windows Hello PIN, Windows Hello Facial Recognition, Windows Hello Fingerprint, and several other mechanisms for these token-based authentication methods.

Authentication is configured in two steps:

  1. Generating an application registration within Azure Active Directory. This requires that the on-premises Active Directory environment is being synced. For more information, reference Integrate on-premises Active Directory domains with Microsoft Entra IDThis hyperlink is taking you to a website outside of Dell Technologies..
  2. Configuring the Dell Security Management Server.

Click the appropriate configuration for more information.

Azure Active Directory

This configuration process allows the Dell Security Management Server or Dell Management Security Server Virtual to validate Windows Hello tokens.

Caution: This process requires a user account with Application Administrator (or higher) permissions.
  1. Log in to the Azure web portal at Microsoft AzureThis hyperlink is taking you to a website outside of Dell Technologies. with an account that has Application Administrator or higher privileges.
  2. Go to the Azure Active Directory configuration page.
    Azure Active Directory configuration page
  3. Select App registrations from the left pane, and then click New registration from the right pane.
    New Registration
  4. Populate a Name for the application.
    Register an application name
    Note:
    • The application in the example image has been given the name DellEncryption-WindowsHello. This may differ in your environment.
    • The application name cannot match another app registration.
  5. Select the appropriate account type for your environment.
    Account type
    Note: Most environments will only be authenticating for the currently configured organizational directory.
  6. Set the Redirect URI platform to Public client/native (mobile & desktop). The Redirect URI may be any address with a prefix of https://.
    Redirect URI
    Note:
    • This value is used later within the Redirect URI setting in the Dell Security Management Server.
    • The redirect URI is required for passwordless authentication with Dell Encryption Enterprise.
  7. Click Register.
    Register button
  8. From the overview of the app registration, record the values for Application (client) ID and Directory (tenant) ID.
    Application (client) ID and Directory (tenant) ID
    Note: The values that are recorded in this step are used when configuring the Dell Security Management Server.
  9. Select API permissions from the left pane and then click Add a permission from the right pane.
    API permissions
  10. From the pane that appears on the right, select Microsoft Graph from the Microsoft APIs.
    Microsoft Graph
  11. Click Delegated permissions.
    Delegated permissions
  12. Select offline_access, openid, and profile, then click Add permissions.
    Select permissions
  13. Select Grant admin consent for [ORGANIZATION].
    Configured permissions
    Caution: Only users with Application Administrator (or higher) permissions may grant admin consent.
    Note: [ORGANIZATION] = The organization name for the environment
  14. Click Yes.
    Grant admin consent confirmation
    Note:
    • The permission changes are made organization-wide.
    • When granted, the permissions show a green checkmark in the status column.

Dell Security Management Server

The configured application registration within Azure Active Directory is used to configure Password less Authentication within the Dell Security Management Server.

Caution: This process requires a user account with Security Administrator or System Administrator permissions.
  1. Sign in to the Dell Data Security administration console.
    Dell Data Security administration console Sign in
    Note: For more information, reference How to Access the Dell Data Security Server Administration Console.
  2. From the left menu pane, click Populations, and then Domains.
    Populations and Domains
  3. Select your domain.
    Domains
    Note: The domain name will differ in your environment.
  4. Click Settings.
    Settings
  5. From the Domain Detail settings:
    1. Select Password less Authentication.
    2. Select Azure AD.
    3. Populate Authority with https://login.microsoftonline.com/[DIRECTORYTENANTID]/v2.0/. This field is highlighted red in the example image.
    4. Populate Client ID with the Application (client) ID in GUID format from the configured Azure Active Directory environment. This field is highlighted orange in the example image.
    5. Populate Redirect Uri with the created URL. This field is highlighted green in the example image.
    6. Populate Server Resource Id with the site used to process the authentication token. This is paired with Authority and Client ID to ensure that the proper method is used during registration.
    7. Populate the User Name and Password of the configured domain administrator.
    8. Click Update Domain.

    Domain Detail
    Note:
    • [DIRECTORYTENANTID] = The Directory (tenant) ID from the Azure Active Directory configuration information (Step 8)
      • The Authority field uses the leveraged URI to begin the communication for attempting to resolve the token during the user’s activation attempt. The Authority is the primary server (URL) that we must connect to. This contains the validation mechanism for the users that we are requesting to validate against that service.
    • The Client ID should be populated with the Application (client) ID from the Azure Active Directory configuration information (Step 8).
      • The ClientID field directs us to communicate with a specific application on the tenant that we have defined.
    • The Redirect Uri should be populated with the created URL from the Azure Active Directory configuration information (Step 6).
      • This is a specific resource that we host to show how we want to relogin to the application if there are login errors.
    • The Server Resource Id should be populated with https://graph.microsoft.com/ when using Azure Active Directory.
      • This is the primary point on the target authority where the native app communicates to for us to get information about the users. With Azure, this is going to be on the Azure backend to ensure that we are conferring with the Azure authentication mechanisms.
    Endpoints running Dell Encryption Enterprise’s Policy-Based Encryption are now able to authenticate using Windows Hello credentials on supported Dell Encryption Enterprise releases.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Encryption
Article Properties
Article Number: 000188216
Article Type: How To
Last Modified: 22 Sept 2025
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.