I'm having trouble with an Autopilot laptop that's joined to the domain. The end user normally uses Windows Hello for sign-in, with options like PIN and fingerprint. Recently, the user changed their password while at the lock screen, which caused multi-factor authentication (MFA) to stop working. I reset the MFA through Azure and set up MFA and passkeys again, which did work initially. After rebooting the laptop, the user changed their PIN and fingerprint settings, but now they're no longer prompted for these when trying to sign in to company MFA-required sites. Instead, when they attempt to use their PIN or fingerprint from the lock screen, they get an error saying, "Something went wrong and your PIN isn't available (Status: 0xc000005e, substatus: 0x0)." They can click to set up a new PIN, but this just leads to a never-ending loop. Has anyone encountered this issue and found a solution?
1 Answer
Are you using a hybrid setup or just Entra? Also, are there any other users experiencing similar issues? It might give some more context to the problem.

I managed to solve it! It turns out the MFA was removed from her device but still registered in the system. I had to remove and reset the MFA from Entra. There were still issues registering MFA, even after adding the user to MFA bypass and Passwordless Auth groups. Finally, I ran '**certutil /deletehellocontainer**' in the command prompt under the user's account, which cleared all PINs and fingerprints. After a reboot, the user was prompted to set up their PIN and fingerprint again, and this time the MFA went through successfully. Everything is working now!
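Added example, not part of the original posts: a PowerShell sketch that answers the "hybrid or just Entra?" question from `dsregcmd /status` and wraps the `certutil /deletehellocontainer` fix behind a confirmation prompt. The function names `Get-HelloJoinState` and `Reset-HelloContainer` and the sample output are constructed for illustration; the field names are the ones `dsregcmd` prints.

```powershell
# Added example. Run as the affected user, not from another account's elevated
# session: dsregcmd's user state and the Hello container are both per-user.
# For reference, 0xC000005E is NTSTATUS STATUS_NO_LOGON_SERVERS.

function Get-HelloJoinState {          # hypothetical helper name
    param([string[]]$Lines = (dsregcmd.exe /status))
    $kv = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "   Name : Value"; split on the first colon only
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $kv[$Matches[1]] = $Matches[2] }
    }
    $aad = $kv['AzureAdJoined'] -eq 'YES'
    $ad  = $kv['DomainJoined']  -eq 'YES'
    [pscustomobject]@{
        JoinType   = if ($aad -and $ad) { 'Hybrid' } elseif ($aad) { 'Entra' } elseif ($ad) { 'AD only' } else { 'None' }
        NgcSet     = $kv['NgcSet']        # YES = a Hello key is registered for this user
        AzureAdPrt = $kv['AzureAdPrt']    # YES = user holds a Primary Refresh Token
        TenantName = $kv['TenantName']
    }
}

function Reset-HelloContainer {        # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if ($PSCmdlet.ShouldProcess($env:USERNAME, 'Delete Windows Hello container (PIN and biometrics)')) {
        certutil.exe /deletehellocontainer
        if ($LASTEXITCODE -ne 0) { throw "certutil exited with $LASTEXITCODE" }
        'Container removed. Reboot or sign out, then re-enroll PIN and fingerprint.'
    }
}

# Constructed sample of dsregcmd output, for trying the parser offline
$sample = @(
    '        AzureAdJoined : YES'
    '         DomainJoined : YES'
    '           TenantName : Contoso (constructed)'
    '               NgcSet : NO'
    '           AzureAdPrt : YES'
)
Get-HelloJoinState -Lines $sample     # parse the constructed sample
Get-HelloJoinState                    # live state, worth recording before the reset
# Reset-HelloContainer                # uncomment to run the fix from the post
```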