Do you have the answer for this?
Microsoft Entra ID (Azure AD) enterprise application single sign-on failing with Windows Hello for Business authentication
Hi community, we migrated our corporate identity platform to full cloud native with Entra ID and Windows Hello for Business (WHfB) PIN/Biometric sign-on. The issue is that when users log into their laptops using their WHfB PIN, our internal legacy web applications on the local network still prompt them for a standard password, breaking our SSO flow.
Windows for business | Windows 365 Enterprise
2 answers
Harry Phan 22,230 Reputation points Independent Advisor
2026-06-08T08:50:23.4966667+00:00
Hi Lauram,
Right now your users sign in with Windows Hello for Business, which uses a secure key instead of a password. That works fine for cloud apps tied to Entra ID, but your older internal web apps still expect a traditional password, so they ask for it again. To fix this, you either need to modernize those apps to support Entra ID sign-in, or set up a hybrid mode where your on‑prem servers can recognize the Hello key and issue the same type of ticket those apps expect. Without one of those changes, the password prompts will continue. In short: either upgrade the apps to modern authentication or configure hybrid Hello so the legacy systems can trust the PIN/biometric login.
Harry.
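
A diagnostic for the situation described in the answer above, as an added example that is not part of the original thread or any poster's own code: it reads `dsregcmd /status` output and reports whether the Hello sign-in produced the on-premises Kerberos ticket the legacy apps would need. The function names and the sample output are constructed for illustration, and it assumes the internal apps use Integrated Windows Authentication (Kerberos).

```powershell
# Added example: function names are illustrative, not from the original thread.
function Get-DsregField {
    param([string[]]$Lines, [string]$Name)
    # dsregcmd prints "Name : Value" pairs; return the first matching value.
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s*:\s*(\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null
}

function Test-LegacySsoReadiness {
    param([string[]]$StatusLines)
    $state = [ordered]@{}
    foreach ($f in 'AzureAdJoined','DomainJoined','NgcSet','AzureAdPrt','CloudTgt','OnPremTgt') {
        $state[$f] = Get-DsregField -Lines $StatusLines -Name $f
    }
    $findings = @()
    if ($state['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Entra ID joined.' }
    if ($state['NgcSet'] -ne 'YES') { $findings += 'No Windows Hello for Business key is enrolled for this user.' }
    if ($state['AzureAdPrt'] -ne 'YES') { $findings += 'No Primary Refresh Token: cloud SSO itself is not working.' }
    if ($state['OnPremTgt'] -ne 'YES') {
        # This is the symptom in the thread: Hello sign-in works, on-prem apps still prompt.
        $findings += 'No on-premises Kerberos TGT: on-prem apps will fall back to a password prompt.'
    }
    [pscustomobject]@{ State = $state; Findings = $findings; Ready = ($findings.Count -eq 0) }
}

# Constructed sample resembling a cloud-only Hello sign-in (not captured from a real device).
$sample = @'
             AzureAdJoined : YES
              DomainJoined : NO
                    NgcSet : YES
                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2026-06-08 08:00:00.000 UTC
                  CloudTgt : YES
                 OnPremTgt : NO
'@ -split '\r?\n'

$result = Test-LegacySsoReadiness -StatusLines $sample
$result.State      # parsed field values
$result.Findings   # one finding for this sample: the missing on-premises TGT

# On a real device, feed it live output instead of the sample:
# Test-LegacySsoReadiness -StatusLines (dsregcmd /status)
```

Run it in the signed-in user's session rather than an elevated one, since the ticket and token fields describe the logged-on user.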