The last time I experienced this issue, we resolved it by re-logging in to the Microsoft account on the user's computer and also removing the PIN and then registering it again (the last step in this guide), but this is not the best solution for a large environment.
I will share the steps I did a long time ago. I hope this works for you while the Intune team works on the ticket.
**Check if Windows Hello for Business is Hybrid or Cloud-Only**
- If the environment is Hybrid Azure AD Joined, there may be GPO vs. Intune conflicts.
- Run this PowerShell command to check the join status:
```powershell
dsregcmd /status
```
- If both "AzureADJoined" and "DomainJoined" are YES, verify that there’s no conflicting GPO controlling PIN settings.
**Confirm PIN Reset Flow and Try Enforcing PIN Reset via PowerShell**
If users are changing their PIN outside the standard Windows Hello for Business flow, PIN history enforcement may not be applied correctly.
Force PIN reset via PowerShell:
```powershell
# Create the PINComplexity policy key and set PIN history to 5
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork" -Name "PINComplexity" -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity" -Name "History" -Value 5 -Type DWord
# Refresh policy
gpupdate /force
```
Then restart the system and test again.
**Check Windows Hello for Business Credentials Storage**
Sometimes, credential caching can bypass PIN history enforcement. Clear Windows Hello credentials and re-register:
- Open Settings > Accounts > Sign-in options.
- Under Windows Hello PIN, select Remove.
- Restart and set up a new PIN.
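
A read-only check for the first two steps of the answer above, added here as an example and not part of the original post: it parses `dsregcmd /status` for the join state and reads the `History` value from the registry path the answer writes to. The helper names `Get-JoinState` and `Get-PinHistoryPolicy` and the sample lines are assumptions made for this example.

```powershell
# Added example, not from the original answer. Read-only: changes nothing.
# Get-JoinState and Get-PinHistoryPolicy are hypothetical helper names.

function Get-JoinState {
    param([string[]]$StatusLines)   # lines of `dsregcmd /status` output
    $state = @{}
    foreach ($line in $StatusLines) {
        # Fields look like "   AzureAdJoined : YES"; -match ignores case.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    $aad = [bool]$state['AzureAdJoined']
    $dom = [bool]$state['DomainJoined']
    [pscustomobject]@{ AzureAdJoined = $aad; DomainJoined = $dom; Hybrid = ($aad -and $dom) }
}

function Get-PinHistoryPolicy {
    # Default is the Group Policy registry path used in the answer above.
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity')
    if (-not (Test-Path -Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -Name 'History' -ErrorAction SilentlyContinue).History
}

# Constructed sample, used only when dsregcmd is not available (off-device testing).
$sample = @('        AzureAdJoined : YES', '         DomainJoined : YES')
$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }

$join    = Get-JoinState -StatusLines $lines
$history = Get-PinHistoryPolicy

$finding = if ($null -eq $history) {
    'No History value under the Group Policy path.'
} elseif ($join.Hybrid) {
    'Hybrid joined with a History value under the Group Policy path: compare it with the Intune profile.'
} else {
    'History value present under the Group Policy path.'
}

[pscustomobject]@{
    AzureAdJoined = $join.AzureAdJoined
    DomainJoined  = $join.DomainJoined
    Hybrid        = $join.Hybrid
    PinHistory    = $history
    Finding       = $finding
}
```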