TL;DR I'm being asked to set up WHfB without setting up any on-prem or Azure infrastructure using only Intune. Is this even possible? I'm getting conflicting messages from the documentation and marketing info.
I have a GCC High environment that we need to set up WHfB in, but the environment has no Azure infrastructure aside from AAD, nor on-prem infrastructure, and we don't want to set any up if at all possible. AAD/Intune is all I have to work with at the moment. For the requirement we had, we have 2 other options that we've declined because of the on-prem/Azure infrastructure requirements. If we do need to set up some infrastructure for this, we'll probably go with one of those 3rd parties instead.
I'm seeing a few articles and marketing material that suggest you can set it up using only Intune, but the documentation at https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-ident... would suggest otherwise, and the documentation in Intune at https://docs.microsoft.com/en-us/mem/intune/protect/windows-hello seems to just be policies related to enabling/disabling it with Intune, not for setting it up to be used with Intune only.
Has anyone set up WHfB without a domain controller and federation services? And if so, could I get pointed in the direction of some documentation on doing so?
I'm tagging this gov. IT since it's a GCC High environment, and Intune because we're looking to do this with Intune... Didn't see an obviously better place to put this, but Mods feel free to move it if you think otherwise :)