This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 55.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
Network setup:
All of our users are in an on-premise AD account, which syncs with Azure Active Directory Connect using password hash authentication (hybrid setup).
Problem
I want users to be able to use a PIN to signin to their machines. I setup a GPO to enable PIN authentication and that has been working fine. I realized though as soon as users sign into their office account using their azure user account, Windows Hello Pin sometimes becomes unavailable. I've been able to help those users set pins by disconnecting their work account from the control panel, setting a pin, then resigning into office.
Last week I rolled out single sign on for office so now it auto authenticates their work account upon signin. This has stopped my trick of signing out to set a pin from working (even if I sign out of office it doesn't let me set it).
Current Group Policy
I believe for the users that do have pins its a convivence pin and not windows hello for business (though on my account I was able to setup a pin and it says "Windows Hello PIN". My only GPO settings for enabling the pin are to set the registry AllowDomainPinLogin and PIN Complexity set to 4.
Question
I've looked through the documentation for Windows hello and it honestly looks overwhelming to setup. I've started to play with it but haven't had much success as theres a lot of documentation to read through. I'm not really sure why my pin works when not signed into office, but then signing in to office disables it. Is there some setting in Azure that is changing it from convince to windows hello pin?
I do want to eventually figure out windows hello, but for the time being I've got people asking me to set a pin so convivence pins are the way to go for now as it sometimes works.
Hi @Joe Jankowiak , sorry for the delay in response! This is a fairly common issue with multiple ways to solve it. Windows Hello can be tricky sometimes. This thread has multiple solutions but this one stands out:
"I was able to get my pin to work simply by going to settings->accounts->your info->then click on sign in with a local account instead then after I complete that restart laptop repeat the process, settings->accounts->your info->then sign in with Microsoft account after you do so it'll ask if you want to set up face recognition then will ask to set up a pin. "
Please try this and see if it works. If not please let me know and I can help you further!
If this answer helped you please mark it as "Verified" so other users may reference it.
Thank you,
James