Information
This policy setting determines whether enhanced anti-spoofing is configured for devices which support it.
The recommended state for this setting is: Enabled
Enterprise managed environments are now supporting a wider range of mobile devices, increasing the security on these devices will help protect against unauthorized access on your network.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled :
Computer Configuration\Policies\Administrative Templates\Windows Components\Biometrics\Facial Features\Configure enhanced anti-spoofing
Note: This Group Policy path is provided by the Group Policy template Biometrics.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer).
Note #2: In the Windows 10 Release 1511 and Windows 10 Release 1607 & Server 2016 Administrative Templates, this setting was initially named
Use enhanced anti-spoofing when available
. It was renamed to
Configure enhanced anti-spoofing
starting with the Windows 10 Release 1703 Administrative Templates.
Impact:
Windows will require all users on the device to use anti-spoofing for facial features, on devices which support it.