WHfB prompting for password at first login
Hi All,
I can’t seem to get these Intune policies correct for WHfB (Windows Hello for Business)
I want WHfB active using a pin for a customer. I have a test VM setup and registered with WHfB correctly. When you first power on the machine and login, there is no prompt for a pin, only the M365 password. Once logged in, I can lock, or log off and I am prompted with the PIN login. I restart the VM and I am pack to having to use a password for the initial login.
I have WHfB setup in the following areas
Endpoint security | Account protection (Assigned to All devices and All users)Use Windows Hello for Business (Device) – TrueUse Windows Hello for Business (User) – True (tried without this first)Minimum PIN length – 6Devices | EnrollmentConfigure Windows Hello for Business – EnabledTPM – PreferredMinimum PIN length – 6Allow biometric – YesAllow phone sign-in – YesDevices | Configuration (assigned to All users & All devices)Turn on convenience PIN sign-in – EnabledMinimum PIN Length (User) – 6Use Windows Hello For Business (User) – TrueUse Remote Passport – EnabledAllow Use of Biometrics – True
I know there is quite some double up having this configured at all possible levels. I started with Device enrollment and a configuration profile, and then moved to Account protection.
I’m currently going round in circles trying to work out why the initial login isn’t prompting for a PIN.
(I also built a new VM and it’s doing the same thing). Although, first reboot it worked fine from memory.
Thanks in advance Guru’s
Hi All, I can’t seem to get these Intune policies correct for WHfB (Windows Hello for Business) I want WHfB active using a pin for a customer. I have a test VM setup and registered with WHfB correctly. When you first power on the machine and login, there is no prompt for a pin, only the M365 password. Once logged in, I can lock, or log off and I am prompted with the PIN login. I restart the VM and I am pack to having to use a password for the initial login.I have WHfB setup in the following areasEndpoint security | Account protection (Assigned to All devices and All users)Use Windows Hello for Business (Device) – TrueUse Windows Hello for Business (User) – True (tried without this first)Minimum PIN length – 6Devices | EnrollmentConfigure Windows Hello for Business – EnabledTPM – PreferredMinimum PIN length – 6Allow biometric – YesAllow phone sign-in – YesDevices | Configuration (assigned to All users & All devices)Turn on convenience PIN sign-in – EnabledMinimum PIN Length (User) – 6Use Windows Hello For Business (User) – TrueUse Remote Passport – EnabledAllow Use of Biometrics – True I know there is quite some double up having this configured at all possible levels. I started with Device enrollment and a configuration profile, and then moved to Account protection.I’m currently going round in circles trying to work out why the initial login isn’t prompting for a PIN.(I also built a new VM and it’s doing the same thing). Although, first reboot it worked fine from memory.Thanks in advance Guru’s Read More