Forum Discussion

Kevin Frye's avatar
Kevin Frye
Copper Contributor
May 19, 2017

Prohibit PIN authentication and force password authentication?

I'm looking to use Intune for the first time for a client.  From what I've discovered, it appears that using Intune asks the users to setup a PIN to sign into their Azure AD-joined computer.  How can I prevent the use of a PIN to log into the machine and for password authentication?

 

I believe the use of a PIN also involves 2FA using their mobile phone number, but I'd prefer to require password authentication.

 

If I'm off base, please correct my understanding.

 

Thank you!

 

Kevin Frye

  • Deleted's avatar
    Deleted
    May 22, 2017

    This was true with the Windows 10 desktop 1511 version, the setting didn't have any effect, but with the 1607 version that changed. I've verified this not that long ago.

  • John Guy's avatar
    John Guy
    Brass Contributor
    What type of devices are in your use case? And do you have AD FS?
  • Kevin Frye's avatar
    Kevin Frye
    Copper Contributor
    In this case we are just concerned with Windows 10 computers. They will ultimately be Azure AD joined and without a local domain controller.
    • John Guy's avatar
      John Guy
      Brass Contributor

      I think the PIN element is part of Windows Hello for Business. I am not aware of a way to remove this if they are AD Joined.

       

      When creating a PIN it may prompt to verify identity with a text or phone call, this part can be skipped if you have ADFS but a PIN would still be required to set up.

Resources