Configure enhanced anti-spoofing
Supported on: At least Windows Server 2016 or Windows 10
Registry
SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures Value name: EnhancedAntiSpoofing
Enabled: EnhancedAntiSpoofing = 1
Disabled: EnhancedAntiSpoofing = 0
Description
This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.