Hi All,

I can’t seem to get these Intune policies correct for WHfB (Windows Hello for Business)

I want WHfB active using a pin for a customer. I have a test VM setup and registered with WHfB correctly. When you first power on the machine and login, there is no prompt for a pin, only the M365 password. Once logged in, I can lock, or log off and I am prompted with the PIN login. I restart the VM and I am pack to having to use a password for the initial login.

I have WHfB setup in the following areas

Endpoint security | Account protection (Assigned to All devices and All users)Use Windows Hello for Business (Device) – TrueUse Windows Hello for Business (User) – True (tried without this first)Minimum PIN length – 6Devices | EnrollmentConfigure Windows Hello for Business – EnabledTPM – PreferredMinimum PIN length – 6Allow biometric – YesAllow phone sign-in – YesDevices | Configuration (assigned to All users & All devices)Turn on convenience PIN sign-in – EnabledMinimum PIN Length (User) – 6Use Windows Hello For Business (User) – TrueUse Remote Passport – EnabledAllow Use of Biometrics – True

I know there is quite some double up having this configured at all possible levels. I started with Device enrollment and a configuration profile, and then moved to Account protection.

I’m currently going round in circles trying to work out why the initial login isn’t prompting for a PIN.

(I also built a new VM and it’s doing the same thing). Although, first reboot it worked fine from memory.

Thanks in advance Guru’s

​Hi All, I can’t seem to get these Intune policies correct for WHfB (Windows Hello for Business) I want WHfB active using a pin for a customer. I have a test VM setup and registered with WHfB correctly. When you first power on the machine and login, there is no prompt for a pin, only the M365 password. Once logged in, I can lock, or log off and I am prompted with the PIN login. I restart the VM and I am pack to having to use a password for the initial login.I have WHfB setup in the following areasEndpoint security | Account protection (Assigned to All devices and All users)Use Windows Hello for Business (Device) – TrueUse Windows Hello for Business (User) – True (tried without this first)Minimum PIN length – 6Devices | EnrollmentConfigure Windows Hello for Business – EnabledTPM – PreferredMinimum PIN length – 6Allow biometric – YesAllow phone sign-in – YesDevices | Configuration (assigned to All users & All devices)Turn on convenience PIN sign-in – EnabledMinimum PIN Length (User) – 6Use Windows Hello For Business (User) – TrueUse Remote Passport – EnabledAllow Use of Biometrics – True I know there is quite some double up having this configured at all possible levels. I started with Device enrollment and a configuration profile, and then moved to Account protection.I’m currently going round in circles trying to work out why the initial login isn’t prompting for a PIN.(I also built a new VM and it’s doing the same thing). Although, first reboot it worked fine from memory.Thanks in advance Guru’s  Read More

​