Disable Windows Hello PIN/biometrics/etc. after setup?

Brice Ruth 25 Reputation points
2023-05-19T21:58:37.74+00:00

Good evening. We are managing a small number of Windows 11 machines via the JumpCloud MDM (not integrated with any AD/domain). We can set registry settings, etc. but need to use settings that don't require machines being joined to a domain. We need to disable the use of Windows Hello sign-in options (PIN, biometrics, etc.) - as we're using a different credential provider. I've found settings that seem to disable the option to set up these sign-in options, but these same settings don't appear to disable the ability to use them if they've already been set up. Our particular interest is in disabling these options for UAC authentication, but disabling them for everything is fine.

I came across https://social.technet.microsoft.com/Forums/en-US/5c9d5ed5-877f-4bba-b5be-3be1b97580d3/windows-hello-pin-signin-option-disabling?forum=win10itprogeneral, which seems related, but seemed to try to split hairs - we actually would be fine disabling all the Windows Hello biometrics, including the PIN.

We've tried SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{cb82ea12-9f71-446d-89e1-8d0924e1256e} setting Disabled to 1 and SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions, setting value to 0. Neither of these has had the desired effect (separately or together).

Thanks for any help!


Accepted answer
  1. Limitless Technology 43,966 Reputation points
    2023-05-22T12:49:11.73+00:00

    Hello there,

    You can change the group policy settings to disable the PIN sign-in option for all users.

    Open the Run dialog box by pressing the Windows key and the R key together.

    Type GPEDIT.MSC and hit the Enter key.

    Go to Computer Configuration -> Administrative Templates -> System -> Logon.

    On the right side, double-click on Turn on PIN sign-in and select Disabled.

    Similarly, disable the other Windows Hello options if any.

    Exit the Group Policy editor and reboot the computer.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
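For machines managed without a domain, the following added example (not part of the original question or answer) reports whether the two registry values from the question and the policy value behind the "Turn on PIN sign-in" setting from the answer are present on the local machine. It assumes all three live under HKLM, and that the Group Policy setting is backed by `AllowDomainPINLogon` under `SOFTWARE\Policies\Microsoft\Windows\System`; the function name `Test-HelloSetting` is hypothetical.

```powershell
# Added example: audit the sign-in settings named in this thread.
# Assumption: every path is under HKLM (the thread gives them without a hive).
$checks = @(
    [pscustomobject]@{
        Source   = 'Question: credential provider'
        Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{cb82ea12-9f71-446d-89e1-8d0924e1256e}'
        Name     = 'Disabled'
        Expected = 1
    },
    [pscustomobject]@{
        Source   = 'Question: AllowSignInOptions'
        Path     = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions'
        Name     = 'value'
        Expected = 0
    },
    [pscustomobject]@{
        # Assumption: registry value written by the "Turn on PIN sign-in" policy.
        Source   = 'Answer: Turn on PIN sign-in = Disabled'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
        Name     = 'AllowDomainPINLogon'
        Expected = 0
    }
)

function Test-HelloSetting {
    param([Parameter(Mandatory)] $Check)

    # A missing key or a missing value both count as "not set".
    $actual = $null
    if (Test-Path -LiteralPath $Check.Path) {
        $item = Get-ItemProperty -LiteralPath $Check.Path -ErrorAction SilentlyContinue
        if ($item -and ($item.PSObject.Properties.Name -contains $Check.Name)) {
            $actual = $item.($Check.Name)
        }
    }

    [pscustomobject]@{
        Source    = $Check.Source
        Name      = $Check.Name
        Expected  = $Check.Expected
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Compliant = ($null -ne $actual -and $actual -eq $Check.Expected)
    }
}

$checks | ForEach-Object { Test-HelloSetting -Check $_ } | Format-Table -AutoSize
```

The output shows configuration state only; it does not show whether a PIN or biometric that was enrolled earlier can still be used at a UAC prompt, which has to be tested on the device.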

