Hey everyone! I'm currently testing out Windows Hello for Business with some cloud trust configurations and a couple of Entra-only machines for PIN authentication. Here's the thing: when users click on "I forgot my PIN" during login, they're prompted for their password to reset the PIN, which they might not remember at all. Just a few weeks ago, it was different; they only needed to go through an MFA prompt. I'm kind of stuck on this—any ideas?
2 Answers
That seems to be how it's supposed to work. Users will need to know their password at some point in the process, unfortunately. Even though Windows Hello aims for password-less access, the initial reset does require a password to get rolling again.
I think the confusion comes from the idea that Hello for Business doesn't completely eliminate passwords. While it offers a password-less experience, users still need a password to reset a PIN or perform initial setup. Each PIN is tied to the device's hardware too, so it won't work across different machines without re-enrollment. However, when working properly, users can eventually log in with biometrics, which is pretty cool!
Thanks for clarifying! I do think my setup might be affecting this since I managed to reset my PIN without needing a password using MFA. I’ll explore if it’s linked to my Microsoft Authenticator settings.