It may be worth mentioning this PC is Azure AD-joined.
Confused on this statement. How are you applying GPOs? GPOs are unrelated to Azure AD joined systems.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All,
I'm having an issue attempting to setup Windows Hello PIN within my organization. I have attempted to configure in both GPO and MDM (Intune). I attempted both separately and together as I know there is a possiablily for conflict when configuring in both.
In GPO on both Domain Controller and local machine (attempted independently and together) I configured both:
Administrative Template > Windows Components > Windows Hello for Business > Use Windows Hello for Business = Set to Enable
and
Administrative Template > System > Logon > Turn on Convenience PIN Sign-in = Set to Enable
I also made sure policy was linked to proper OU and scope filtering was setup correctly and ran gpupdate /force after configuring (completed successfully)
Result - This enables the option to use and setup the PIN but when attempting to sign in with PIN I receive errors (I will attach errors below)
I have also attempted to configure this in Intune as well using the following configuration.
I have made sure both my Computer name and User is in the proper security group specified in policy and that my device was in compliance and recently checked in.
Result - again this enables the option to use and setup the PIN but when attempting to sign in with PIN I receive errors (I will attach errors below)
The Errors I'm receiving.
After Entering PIN
After Clicking "Okay"
Then I attempt to "Setup my PIN" and get
I checked Event Viewer and I'm getting Audit Failure with EventID 4625 during those times
I attempted to look this up online and saw some people where having luck with taking ownership and renaming or deleting contents of the "ngc" folder located at C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
I tried this using a local Admin account to complete this process still with no luck in resolving the issue.
Here is my window version:
Any help would be greatly appreciate. Please let me know if there is any additional information I can provide.
Thank you,
It may be worth mentioning this PC is Azure AD-joined.
Confused on this statement. How are you applying GPOs? GPOs are unrelated to Azure AD joined systems.
Convenience PINs are not the same thing as WHfB PINs. See https://support.microsoft.com/en-us/topic/254aa584-443b-ec69-c417-ee4020dc9d1d for details.