Windows Hello not available for laptop after wipe and refresh OS install

Aaron Seet 726 Reputation points
2020-03-30T07:28:50.673+00:00

We tested a Wipe command from Intune to one of our laptops, which we saw removed any workable OS from the SSD. Thus we use the manufacturer's OS recovery image to install a fresh Windows copy back to it.

Since we did not delete the device entries in Intune/AAD, when the fresh OS booted for the first time it went straight back to Windows Autopilot to pace through the enrollment procedure again, which was nice to see it registered as an active device in MDM again.

However, I noticed this copy of Windows never asked to setup Windows Hello (finger print and PIN). Well,

6571-windows-hello-not-available-despite-intune-config.jpg

that shouldn't be the case since we have a configuration profile explicitly enabling Windows Hello. From Intune we can see it's successfully applied to the computer. Or, is that a message of the "past"?

Windows 10 Setup
Windows 10 Setup
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Setup: The procedures involved in preparing a software program or application to operate within a computer or mobile device.
1,889 questions
0 comments No comments
{count} votes

Accepted answer
  1. Aaron Seet 726 Reputation points
    2020-03-31T09:01:06.907+00:00

    Due to so many settings changed by Shared PC mode, it's just quicker to perform Autopilot Reset action from Intune to revert affected computers (at least those setup with Windows Autopilot) back to original working state.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Aaron Seet 726 Reputation points
    2020-03-30T08:44:28.833+00:00

    Think we found the culprit. In previous testing, the computer was assigned to an Intune configuration profile for Shared PC mode. After the wipe and OS reinstall, the configuration profile was still valid, causing it to disable Windows Hello options.

    https://learn.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc#shared-pc-mode-concepts

    However, the affected administrative template settings remained even after unassigning the computer from said configuration profile.

    6553-windows-hello-disabled-by-shared-pc-mode.jpg

    Is this supposed to be correct behaviour? That an administrator has to sign into each and every affected computer to adjust/revert affected settings?

    0 comments No comments