This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 21%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Good morning,
I have read the following article and every other article I could find regarding this hurdle. I have made registry DWORD changes and I have created new DWORD values and nothing I have done has yielded any noticeable changes. My question is very simple, but it's starting to look like it is not possible or I'm doing something wrong which is ALWAYS possible :o)
Scenario:
Azure AD Hybrid joined devices
Windows Hello For Business - enabled from Endpoint (no domain GPO's configured)
Setup PIN successfully
On CTRL+ALT+DEL Windows logon page at boot I can select sign-in options > PIN and it works great
Ask:
How can I make PIN sign-in option default instead of password?
Things I understand to be true:
What am I missing? Seems like such a simple ask. Any guidance or ideas that I might can try would be greatly appreciated.
Thanks,
CWT
@CWT Thanks for posting in our Q&A. Honestly, I'm not sure if it is possible. From intune's point of view, there is no settings to make it.
Please understand that what intune can do is based on windows CSPs. For this feature, it is more related to windows. To get more help, I will add "windows-10-security" tag. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
You can try to check enabling passwordless security key sign-in to Windows devices with Azure Active Directory.
For hybrid Azure AD joined devices, organizations can configure the following Group Policy setting to enable FIDO security key sign-in. The setting can be found under Computer Configuration > Administrative Templates > System > Logon > Turn on security key sign-in.
This Group Policy setting requires an updated version of the CredentialProviders.admx Group Policy template.
This might help in neglecting passwords and adding a security key for login. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows
---------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 5%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
I came across this in a pilot we ran recently. I discovered that we had an intune policy enabled which caused the issue. "Hide last signed-in user". Once i disabled this policy the last signed-in method was remembered.
