Do you know that you can sign into your Windows 10 device without needing a password? All Windows 10 devices have a built-in security feature that allows you to sign in just by using an external device, such as a smartphone or USB key. This feature is powered by the Companion Device Framework, which works alongside the Windows Hello companion device authentication to streamline the login process.
This Windows companion device model is convenient for users who don’t want to rely heavily on traditional passwords—touted to be a vulnerability in modern user authentication (SSH). Even so, not all environments would benefit from companion device sign-in. IT admins and MSPs may decide to disable Windows Hello sign in using a companion device for security hardening reasons.
In this guide, we’ll walk you through how to manage companion device Windows 10 settings, whether you want to enable them for convenience or disable them to reduce risk.
How to enable or disable companion device sign-in
Method 1: Using Group Policy Editor (for Windows 10 Pro & Enterprise only)
1. Open the Group Policy Editor
Press Windows + R to open the Run dialog box. Type gpedit.msc and press Enter.
2. Navigate to companion device policies
In the left-hand pane, go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Companion Device Framework
3. Edit the “Enable Companion Device Sign-In” policy
Find and double-click Enable Companion Device Sign-in in the right-hand pane. A new window will appear. You will see three options:
- Enabled: Sign-in using companion devices is allowed.
- Disabled: Sign-in using companion devices is not allowed.
- Not configured: Windows is set at default, which allows companion devices if supported.
4. Apply and restart
Select your desired setting and click Ok. Close the Group Policy Editor and restart your computer to ensure changes take effect.
Method 2: Using the Registry Editor (for Windows 10 Home & all versions)
⚠️ Always be cautious when editing the Registry Editor. Accidental changes can negatively affect system behavior.
1. Open the Registry Editor
Press Windows + R to open the Run dialog box. Type regedit and press Enter.
2. Navigate to the companion device key
In the Registry Editor, navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Authentication\EnableCompanionDevice
3. Modify or create the EnableCompanionDevice value
Look for the DWORD (32-bit) value named EnableCompanionDevice. If it doesn’t exist, right-click on an empty space, select New > DWORD (32-bit) Value, and name it EnableCompanionDevice.
4. Set the value
Double-click on the EnableCompanionDevice entry and set the value to either 1 to enable companion device sign-in or 0 to disable it. Click Ok to save the changes.
5. Apply the changes
Close the Registry Editor and restart your PC to ensure that the changes take effect.
Alternative method to configure companion device in Windows 10
In some Windows 10 builds, users may see limited controls for companion devices in the Settings app under Accounts > Sign-in options. While this area can be used to add or remove companion devices, it doesn’t offer full administrative control. As such, while an alternative method, it’s not usually recommended. We suggest following either the Group Policy or the Registry Editor methods mentioned above instead.
Keep in mind that this method is user-facing and doesn’t override system-level policies. If a companion device is already registered and supported, users might see options to manage it here, but disabling the feature entirely still requires Group Policy or Registry changes.
Troubleshooting & common issues
Companion device sign-in option is missing
What it is: The option to sign in using a companion device does not appear in Settings, or is not available during the login process.
Why this happens: This can happen when the system does not support the Companion Device Framework or when a group policy or registry setting prevents it from being used. Additionally, if Windows Hello is configured with conflicting settings, it may hide companion device options.
How to resolve it: Verify that your device supports companion device Windows 10 functionality and that the necessary drivers are installed. Check that the “Enable Companion Device Sign-In” policy is not set to Disabled (or with the value of 0) and that the Registry key is correctly configured. It may be a good idea to update your Windows to the latest version as well. We’ve written a guide on how to update Windows 10 EOL versions for further information.
Changes made in the Registry Editor do not take effect
What it is: After modifying the Registry key to enable or disable Windows Hello companion device sign-in, the system continues to behave as before your changes.
Why this happens: This typically happens when your computer hasn’t been rebooted after making changes. In some cases, this can occur when the DWORD value is created incorrectly or in the wrong location. On domain-joined machines, Group Policy may override Registry settings.
How to resolve it: Double-check that the DWORD value of EnableCompanionDevice is created under the correct path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Authentication\EnableCompanionDevice . Make sure that the value is either 0 (to disable) or 1 (to enable). Then, restart the machine. If you’re part of a managed domain, check whether group policies are enforcing any conflicting setting.
Group Policy settings are not applying
What it is: When changes in Group Policy settings are not reflected in system behavior.
Why this happens: This can occur when your updates haven’t been enforced or your computer hasn’t restarted. Sometimes, it can happen when there may be policy conflicts, especially in domain-managed environments where multiple layers of policies exist.
How to resolve it: Run gpudate /force in an elevated Command Prompt to force the policies to apply. Afterward, reboot your system. Check for any conflicting policies using the Resultant Set of Policy (RSoP) tool or the Group Policy Results Wizard in gpmc.msc if you’re on a domain.
💡 Some useful references:
- An Overview of Group Policy Management Console: What You Need to Know
- How to Get to the Group Policy Editor in Windows 10
- GPUpdate: How to Force a Group Policy Update Remotely
Companion device still works after being disabled
What it is: The system still allows a sign-in using a companion device even after it has been disabled through policy or the Registry.
Why this happens: Cached authentication data or active user sessions might still allow a device to be used temporarily. In some cases (though rare), Group Policies or Registry settings have not yet taken effect due to delayed system updates.
How to resolve it: Try restarting your system after making changes for them to take effect. If you’re using Group Policy, confirm that the policy was correctly set to Disabled. In the Registry, make sure the value is set to 0 and not missing. Consider removing the registered device from Settings > Accounts > Sign-in options to prevent reuse.
Cannot register a new companion device
What it is: Attempts to pair a new companion device for sign-in fail, or the device is not detected during registration.
Why this happens: There are various reasons why this may happen, including driver issues or the intended device.
How to resolve it: Update both Windows and the companion device’s firmware or software. If the device is from a third-party vendor, make sure that it explicitly supports companion device sign-in under the Windows 10 ecosystem. If ever, you may need to use a companion app from the device’s manufacturer to complete the pairing.
FAQs for managing a Windows Hello companion device
Which device can be used as a companion device?
Supported devices include some smartwatches, smartphones, fitness bands, USB security keys, and similar hardware with built-in authentication features. The key requirement is that the device must be compatible with Microsoft’s Companion Device Framework.
Can I use this feature on Windows 11?
Windows 11 still supports some companion devices, but Microsoft is moving toward broader adoption of Windows Hello and FIDO2 standards for passwordless sign-ins. This means the companion device support may be limited or deprecated in future releases.
Does disabling this feature remove registered companion devices?
No. Disabling companion device sign-in simply blocks the ability to use them for authentication. Any devices that have been previously set up will remain registered unless they are manually removed via Settings or third-party apps.
Why don’t I see the option in my Windows version?
The Group Policy method will not work (and is unavailable) if you use Windows 10 Home. If this is your version, try using the Registry Editor method above. In addition, keep in mind that some Windows editions may not include the necessary policy templates unless they’re updated or joined to a domain.
Setting up a companion device in Windows 10
Companion device sign-in can be a convenient and secure way to authenticate login credentials in Windows 10. However, it may not always be the best choice for every environment, especially if you’re sharing a device with a co-worker. As an IT professional or MSP, knowing how to enable or disable this feature gives you granular control over your security posture.
