Hello
Thanks for posting in Microsoft Community.
This issue can have several causes. Here are some troubleshooting steps and solutions that may help you solve the problem.
- Check Windows Hello for Business configuration
Windows Hello for Business needs to be correctly configured in Group Policy and Azure Active Directory (AAD) or Active Directory (AD). Make sure there are no configuration issues.
Check Group Policy configuration:
Confirm that Windows Hello for Business is enabled on the device and the relevant policies are configured correctly.
On a domain controller or administrative computer, open Group Policy Management.
Check the following Group Policy settings:
Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business:
Use Windows Hello for Business: Set to Enabled.
Enable biometrics: Set to Enabled.
Enable convenience PIN sign-in: Set to Enabled.
Make sure PIN complexity is set correctly if you have a custom PIN length or complexity policy.
Computer Configuration > Administrative Templates > System > PIN complexity.
Configure devices through Intune or Group Policy:
If you are managing Windows Hello for Business through Intune or Group Policy, make sure that the configuration is applied correctly to users and devices.
For Azure AD joined devices, in the Intune admin center:
Go to Devices > Windows > Profiles > Create profile > Windows 10 and later.
Make sure Windows Hello for Business is enabled in the Identity Protection section.
Enable TPM (Trusted Platform Module):
Windows Hello for Business relies on TPM 2.0, and if TPM is not enabled on the device, you will not be able to log in using biometrics or PIN. Check if TPM is enabled on the device:
Start > Run > Type tpm.msc > Enter.
If TPM is not enabled, you need to enable TPM in BIOS setup.
- Make sure the device is hybrid Azure AD joined (if applicable)
If your environment is hybrid Azure AD joined (on-premises AD synced to Azure AD), make sure the device is correctly joined to Azure AD. Windows Hello for Business requires this to authenticate with the cloud service.
Make sure the device is properly joined to Azure AD.
Check that Azure AD Connect is configured correctly to sync devices and accounts from your on-premises AD to Azure AD.
Confirm that the device is listed and properly joined in Azure Active Directory Admin Center > Devices.
- Verify device registration and sync
Windows Hello for Business requires that the device is properly registered and synced with Azure AD or Active Directory.
Check device registration status:
If the device is Azure AD joined, make sure it is properly registered with Azure AD. Sometimes, a failure in the registration process can prevent Windows Hello from working properly.
Go to Settings > Accounts > Access work or school to check the status of a registered device.
If needed, you can re-register the device by removing and re-adding the account.
Verify sync issues:
If hybrid join is done with Azure AD Connect, verify that the device is syncing properly. You can check the Azure AD Connect sync status.
- Review Windows Hello Errors in Event Logs
To diagnose the root cause, you can review Event Viewer for errors related to Windows Hello for Business, PIN, or Fingerprint authentication.
Open Event Viewer (enter eventvwr.msc).
Navigate to Applications and Services Logs > Microsoft > Windows > User Device Registration and Security.
Review for any errors related to Windows Hello for Business, PIN, or biometric sign-in.
Common errors may indicate the following issues:
TPM-related errors: if the TPM device is inaccessible or not working properly.
Authentication errors: if communication with Azure AD or Active Directory fails.
I hope the above information is helpful.
Regards,
Runjie Zhai
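The checks in the answer above, gathered into one read-only PowerShell pass as an added example (not part of the original post): the Windows Hello for Business policy key, TPM presence and spec version, Azure AD / domain join state from dsregcmd, and recent errors in the User Device Registration log. It assumes Windows 10 or 11 with an elevated prompt; the function name Test-WhfbPrerequisites is made up for this example.

```powershell
# Added example, not from the original post. Read-only: nothing is changed on the device.
function Test-WhfbPrerequisites {
    $result = [ordered]@{}

    # 1. Group Policy: "Use Windows Hello for Business" = Enabled writes Enabled=1 under this key
    $gpo = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork' -ErrorAction SilentlyContinue
    $result.PolicyEnabled = [bool]($gpo -and $gpo.Enabled -eq 1)

    # 2. TPM: present, ready, and spec version 2.0 (Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38")
    $tpm     = Get-Tpm -ErrorAction SilentlyContinue
    $tpmInfo = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $result.TpmReady   = [bool]($tpm -and $tpm.TpmReady)
    $result.TpmIs20    = [bool]($tpmInfo -and $tpmInfo.SpecVersion -like '2.0*')

    # 3. Join state: parse the "Key : Value" lines printed by dsregcmd /status
    $ds = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $ds[$Matches[1]] = $Matches[2] }
    }
    $result.AzureAdJoined = ($ds['AzureAdJoined'] -eq 'YES')
    $result.DomainJoined  = ($ds['DomainJoined']  -eq 'YES')
    $result.HybridJoined  = $result.AzureAdJoined -and $result.DomainJoined
    $result.NgcSet        = ($ds['NgcSet'] -eq 'YES')   # a Hello key already exists for the signed-in user

    # 4. Error-level events (Level 2) from the last 7 days in the device-registration log
    $result.RegistrationErrors = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-User Device Registration/Admin'
            Level     = 2
            StartTime = (Get-Date).AddDays(-7)
        } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message)

    [pscustomobject]$result
}

$r = Test-WhfbPrerequisites
$r | Format-List

# Report the prerequisites that fail, in the order the answer above checks them
# (AzureAdJoined applies to the Azure AD / hybrid joined scenario described in the post)
$failed = @('PolicyEnabled', 'TpmPresent', 'TpmReady', 'TpmIs20', 'AzureAdJoined') | Where-Object { -not $r.$_ }
if ($failed) { Write-Warning "Failing prerequisites: $($failed -join ', ')" }
$r.RegistrationErrors | Format-Table -AutoSize -Wrap
```

Run it on the affected device and on a working one; the first differing field usually points at which of the steps above to follow.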