Windows Hello for Business (WHfB) is a strong, two-factor authentication method that is tied to a specific device, in this case, the user's laptop. It uses a biometric gesture (face, fingerprint) or a PIN to unlock a private key stored securely on the device's Trusted Platform Module (TPM). The authentication process itself happens on the laptop. Since the laptop has a wired internet connection, it can communicate with Azure AD to complete the authentication. This method does not depend on any form of mobile phone connectivity (cellular or Wi-Fi), making it the only suitable option for the described remote work scenario.

A. a notification through the Microsoft Authenticator app

This method sends a push notification to a mobile phone, which requires the phone to have an active internet connection (Wi-Fi or mobile data), both of which are unavailable.

B. an app password

App passwords are a legacy workaround for older applications that do not support modern authentication. They are not a primary MFA method for interactive user sign-ins.

D. SMS

This method sends a verification code via a text message to a mobile phone, which requires cellular service. The scenario explicitly states there is no mobile phone connectivity.

---

1. Microsoft Learn. (2023). How Windows Hello for Business works - Authentication. "Windows Hello for Business is a strong

two-factor credential that is bound to a device and uses a biometric or PIN." This confirms it is a 2FA method tied to the device itself

not a separate phone.

Section: Authentication with Windows Hello for Business > Two-factor authentication

2. Microsoft Learn. (2024). Authentication methods and features - Azure Active Directory. This document details the requirements for various methods.

Section: Microsoft Authenticator > "The user receives a notification on their smartphone..." (implies connectivity is needed).

Section: SMS > "A text message is sent to a mobile phone number..." (requires cellular service).

Section: Windows Hello for Business > "Windows Hello for Business lets users sign in to their Windows devices with a PIN or a biometric gesture." (device-centric).

3. Microsoft Learn. (2023). Manage app passwords for two-step verification. "Certain non-browser apps

such as Outlook 2010

don't support two-step verification. This lack of support means that if you're using two-step verification in your organization

the app won't work. To get around this problem

you can use an app password..."

Section: Overview. This clarifies that app passwords are a compatibility solution

not a standard MFA method for modern interactive sign-ins.