4.4 Canceling a Windows Hello credential

You can use the Erase Card workflow to remove the certificates from a Windows Hello credential on the local PC; however, this is only possible if you can log on to Windows as the owner of the Windows Hello credential.

If you cannot access the Windows Hello credential directly, you can use the Cancel Device option in the MyID Operator Client to cancel the owner's access to MyID and revoke the certificates that were issued to Windows Hello.

This does not remove the certificates from the PC, but revokes them on the certificate authority so they are no longer valid. You can then use Microsoft tools to remove the certificates from the Windows Hello credential; you can configure a group policy to remove revoked certificates from Windows Hello – see the Microsoft Windows Hello documentation for details.

Note: You can also use the Cancel Credential workflow in MyID Desktop to cancel a Windows Hello credential. See the Canceling a credential section in the Operator's Guide for details.

To cancel a Windows Hello credential:

  1. Search for a device, and view its details.

    From the Device Type drop-down list on the search form, select Windows Hello.

    See the Searching for a person section in the MyID Operator Client guide for details of using the search form.

    You can also view a device from any form that contains a link to the device.

    For example:

    • Click the item in the list on the Devices tab of the View Person form.
    • Click the link icon on the Device Serial Number field of the View Request form.

  2. Click Cancel Device option in the button bar at the bottom of the screen.

    You may have to click the ... option to see any additional available actions.

    The Cancel Device screen appears.

  3. Select the Reason for the cancellation from the drop-down list.

    This reason affects how MyID treats the certificates on the Windows Hello credential.

    See the Certificate reasons section in the Operator's Guide for details of how each reason affects the certificates.

  4. Type any Notes on the cancellation.

    You can provide further information on your reasons for canceling the Windows Hello credential. This information is stored in the audit record.

  5. Click Save.