Convenience PINs are not the same thing as WHfB PINs. See https://support.microsoft.com/en-us/topic/254aa584-443b-ec69-c417-ee4020dc9d1d for details.
Unable to Sign in with Windows Hello
Hi All,
I'm having an issue attempting to setup Windows Hello PIN within my organization. I have attempted to configure in both GPO and MDM (Intune). I attempted both separately and together as I know there is a possiablily for conflict when configuring in both.
In GPO on both Domain Controller and local machine (attempted independently and together) I configured both:
Administrative Template > Windows Components > Windows Hello for Business > Use Windows Hello for Business = Set to Enable
and
Administrative Template > System > Logon > Turn on Convenience PIN Sign-in = Set to Enable
I also made sure policy was linked to proper OU and scope filtering was setup correctly and ran gpupdate /force after configuring (completed successfully)
Result - This enables the option to use and setup the PIN but when attempting to sign in with PIN I receive errors (I will attach errors below)
I have also attempted to configure this in Intune as well using the following configuration.
I have made sure both my Computer name and User is in the proper security group specified in policy and that my device was in compliance and recently checked in.
Result - again this enables the option to use and setup the PIN but when attempting to sign in with PIN I receive errors (I will attach errors below)
The Errors I'm receiving.
After Entering PIN
After Clicking "Okay"
Then I attempt to "Setup my PIN" and get
I checked Event Viewer and I'm getting Audit Failure with EventID 4625 during those times
I attempted to look this up online and saw some people where having luck with taking ownership and renaming or deleting contents of the "ngc" folder located at C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
I tried this using a local Admin account to complete this process still with no luck in resolving the issue.
Here is my window version:
Any help would be greatly appreciate. Please let me know if there is any additional information I can provide.
Thank you,
2 answers
Sort by: Most helpful
-
Jason Sandys 31,151 Reputation points Microsoft Employee
2021-10-11T17:30:02.307+00:00 -
Jason Sandys 31,151 Reputation points Microsoft Employee
2021-10-11T19:41:19.53+00:00 It may be worth mentioning this PC is Azure AD-joined.
Confused on this statement. How are you applying GPOs? GPOs are unrelated to Azure AD joined systems.