Related topics
Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

When you sign in with Windows Hello, your biometric data is stored securely (see here for more technical information).

Malicious users and attackers constantly try to come up with new ways to access your device and access sensitive information. To stop them, you need a secure sign-in process that begins at the biometric sensor, and ends where your profile is stored.

What does Enhanced Sign-in Security do for you?

Enhanced Sign-in Security (ESS) adds a layer of security to biometric data by using specialized hardware and software components, for example Virtualization Based Security (VBS) and Trusted Platform Module 2.0. See here to learn more about ESS.

Note: Copilot+ PCs have ESS enabled by default. For more information, see Copilot+ PC hardware requirements.

Implications when ESS is enabled 

Since the ESS ecosystem is tightly controlled, introducing new items like plug-in cameras and fingerprint readers (FPR) may open the door for potential malicious users to access your biometrics. This is why you can’t use your external camera or FPR to sign into a device that has ESS enabled.

Note: when ESS is enabled, you can still use your external camera with applications like Teams. Such apps don’t rely on biometrics for authentication.

There are some situations where you may want to use an external peripheral for signing in, for example if you use your laptop on a docking station. In such cases, you won't be able to use the external peripheral for sign in, unless you disable ESS. The tradeoff of disabling ESS is that you lower the security of your device.

Configure ESS

You can use the Settings app to configure ESS.

  1. In the Settings app on your Windows device, select Accounts > Sign-in options or use the following shortcut:

    Sign-in options

  2. Under Additional settings > Sign in with an external camera or fingerprint reader, there's a toggle that allows you to enable or disable ESS:

  • When the toggle is Off, ESS is enabled and you can't use external peripherals to sign in. Remember, you can still use external peripherals within apps like Teams

  • When the toggle is On, ESS is disabled and you can use Windows Hello compatible peripherals to sign in

Screenshot of Settings - Disable ESS toggle.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!