Forum Discussion

HotCakeX's avatar
Nov 13, 2019

[Solved] Allow PIN support for Windows 10 devices

I want to allow my Windows 10 1909 (Hyper-V VM) to be able to use PIN for sign ins.

I have created a non-administrator account and joined my VM during Windows installation to the AAD from the start.

I also configured this for PIN policy in Windows 10 in Azure portal - Intune

 

 

 

 

 

I created a group in Intune and put my VM device + User into that.

then I assigned this profile that I created for PIN to that group.

added my administrator user as the group owner. 

 

I've also read this article:

https://support.microsoft.com/en-us/help/3201940/can-t-configure-a-pin-when-convenience-pin-and-hello-for-business-poli

 

 

still, in my Windows 10 account settings, there is no sign of PIN. i've waited 2 hours, synced my device from AAD portal and also from Windows settings to receive the latest policies. still nothing.

 

 

I'm running out of clues that why this is not working. any ideas? 

Thanks in advance

  • Okay so I figured out what the problem was.

     

    as I said I was using a VM in Hyper-V, it was in Enhanced session mode, meaning it was connecting to the VM using RDP protocol which is better and more scalable in screen resolution, but that also was preventing Windows Hello for Business to work.

     

     

     

     

    so with Enhanced session mode in Hyper-V, my Windows 10 settings page looked like this:

     

     

     

    and in basic session mode, it looks like this:

     

     

    so that's it, very simple thing that kept me up all night figuring out what I was doing wrong..hope this will help anyone else stuck in the same situation.

     

  • Okay so I figured out what the problem was.

     

    as I said I was using a VM in Hyper-V, it was in Enhanced session mode, meaning it was connecting to the VM using RDP protocol which is better and more scalable in screen resolution, but that also was preventing Windows Hello for Business to work.

     

     

     

     

    so with Enhanced session mode in Hyper-V, my Windows 10 settings page looked like this:

     

     

     

    and in basic session mode, it looks like this:

     

     

    so that's it, very simple thing that kept me up all night figuring out what I was doing wrong..hope this will help anyone else stuck in the same situation.

     

    • MikyMike82's avatar
      MikyMike82
      Copper Contributor
      Almost a post from 2+ years.... but cost me a lot of headache figuring out what kind of strange errors i was getting setting up my hello for business in a test VM.... summing up my environment and a google search brught me here! Having a good nights sleep now...
    • Vibbo's avatar
      Vibbo
      Brass Contributor

      HotCakeX  Thanks so much for this. It took a bit of Googling to find this - hopefully adding the error code 0x80090010 (what is shown in the VM window) to this thread will help others in the future.

    • paulc's avatar
      paulc
      Copper Contributor

      This is a perfect solution

       

  • I just remembered to mention this that I have disabled MFA (multi factor authentication) and also self service password reset. my user has no phone number associated to his account, that's how I wanted it to be, but could it be the reason the PIN is not working?

     

    I've also enabled Windows hello for business in Intune

     

     

Resources