Starting with build 1607, Windows 10 does not allow the 'convenience pin' for domain-joined logons by default, out-of-the box. This same device was connected at one point to Azure AD and it worked fine with a PIN so it seems the hardware is perfectly capable of using the PIN.īut I am now stuck as to what settings I need to change to enable to PIN for this local domain-joined device. 'Windows Hello isn't available on this device'
Under the Windows Hello section it states After restarting client I still was not able to login with PIN, and on top of that the PIN setting within Settings was now greyed out. So I went ahead and enabled Windows Hello for Business as well. If you enable this policy setting, a domain user can set up and sign Templates\Windows Components\Windows Hello for Business. To configure Windows Hello forīusiness, use the policies under Computer configuration\Administrative 'In Windows 10, convenience PIN was replaced with Windows Hello PIN,
So, following the help provided on that setting:
But after logging off, and even restarting, it kept asking for a password not PIN. This did allow me to set a PIN on the client PC (previously this option was greyed out). First I tried enabling PIN using Computer Configuration/Administrative Templates/System/Logon/Turn on convenience PIN sign-in.
