question

icelava avatar image
0 Votes"
icelava asked icelava answered

Windows Hello not available for laptop after wipe and refresh OS install

We tested a Wipe command from Intune to one of our laptops, which we saw removed any workable OS from the SSD. Thus we use the manufacturer's OS recovery image to install a fresh Windows copy back to it.

Since we did not delete the device entries in Intune/AAD, when the fresh OS booted for the first time it went straight back to Windows Autopilot to pace through the enrollment procedure again, which was nice to see it registered as an active device in MDM again.

However, I noticed this copy of Windows never asked to setup Windows Hello (finger print and PIN). Well,

6571-windows-hello-not-available-despite-intune-config.jpg

that shouldn't be the case since we have a configuration profile explicitly enabling Windows Hello. From Intune we can see it's successfully applied to the computer. Or, is that a message of the "past"?

windows-10-setup
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

icelava avatar image
0 Votes"
icelava answered

Due to so many settings changed by Shared PC mode, it's just quicker to perform Autopilot Reset action from Intune to revert affected computers (at least those setup with Windows Autopilot) back to original working state.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

icelava avatar image
0 Votes"
icelava answered icelava edited

Think we found the culprit. In previous testing, the computer was assigned to an Intune configuration profile for Shared PC mode. After the wipe and OS reinstall, the configuration profile was still valid, causing it to disable Windows Hello options.

https://docs.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc#shared-pc-mode-concepts

However, the affected administrative template settings remained even after unassigning the computer from said configuration profile.

6553-windows-hello-disabled-by-shared-pc-mode.jpg

Is this supposed to be correct behaviour? That an administrator has to sign into each and every affected computer to adjust/revert affected settings?



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.