Windows Hello for Business 0x80090010 NTE_PERM

August and now September patches have been released and this is still not resolved?

The health service bulletin has not even been updated since 24th July. 

I imaged 2 laptops and then Hybrid Joined. This registry key mentioned above resolved the PIN issue I was having.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
“Enabled”=dword:00000001

Hello, we are currently rolling out Windows 11 across the company, and "Hello for business" is not functioning on new devices. I will leave you to imagine the user feedback regarding Windows 11.
Thank you, Matthew Miles, for the workaround.

I ran into the same issue today while enrolling a client running the latest July 2025 update.

To investigate further, I tested the scenario in my lab with two VMs configured identically. Both used the same Windows Hello for Business deployment via OMA-URI settings:

./Device/Vendor/MSFT/PassportForWork/Biometrics/UseBiometrics,true ./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing,true ./Device/Vendor/MSFT/PassportForWork/Biometrics/EnableESSwithSupportedPeripherals,1 ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin,1 ./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/DisablePostLogonProvisioning,true ./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UseCloudTrustForOnPremAuth,true ./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/Remote/UseRemotePassport,true ./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UsePassportForWork,true ./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/RequireSecurityDevice,true ./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/SpecialCharacters,2 ./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/UppercaseLetters,2 ./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/LowercaseLetters,2

One VM had the June 24H2 update, the other the July 24H2 update.

Here’s what I observed:

- On the July update, error 0x80090010 occurred when attempting to register Windows Hello for Business.
- On the June update, registration completed successfully without any issues.

I also tested the workaround shared by Matthew Miles and can confirm that it works.

What I did:

1. Applied the suggested registry change.
2. Registered the WHfB PIN successfully.
3. Deleted the registry key afterward.

Even after a reboot, Windows Hello remained functional. It’s not an ideal fix, but it works for now. Hopefully, Microsoft addresses this properly in the next update.

I am facing the same issue.

I resolved it by manually adding the following registry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
“Enabled”=dword:00000001

In addition, the WHfB setup screen appears, and after registering your face, the PIN registration screen is skipped.
Users cannot register a PIN, so they cannot use WHfB.

Could this be caused by the July Windows update?

*Please excuse any awkward phrasing, as I am Japanese.

This sounds exacly like the issue we are having. We have tried the same things as mentianed above with no luck. Hopefully the new update will fix the issue, fingers crossed 👍

Getting this same issue at my business too! Please let us know if there is a fix.

We are seeing this too

Not sure if it's the proper way to fix it yet or not, but this did resolve it for me on a test device.   

Even though we’ve had Passport for Work enabled via Intune policy (and it’s been working flawlessly for a while) I manually set the following registry key on the device — and it worked:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000001