Set User Default Credential Provider for Lock Screen

Question

I'm using Windows 10 Enterprise 22 H2 with Intune and MECM (Co-Managed). We enforce that our users enrol for Windows Hello for business. They can use PIN or Biometric. This all works fine but when the user session locks (idle time etc.) it defaults to username/password credential provider even if the user signed into the desktop console session with a PIN.

I'm aware there is a system wide policy to set the default credential provider here https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-credentialproviders#defaultcredentialprovider but I am wondering if there is a method to do this per user or have the lock screen default to the credential used for the user sigin in?

kapilarya · Answer

AFAIK, you can set default sign-in option system wide, I couldn't find any reference for per user.

You can set it using registry, detailed steps here (works with Windows 10 as well):

https://www.kapilarya.com/set-default-sign-in-option-in-windows-11

Hope this helps!

Note: Included link in this reply refers to blog post by a trusted Microsoft MVP.

shocko · Answer

I don't want to disable Biometrics per se, just chance the default credential provider displayed at the sign-in screen.

shocko · Answer

Does this work for Windows 10? I've tested with local group policy for the NCG provider (Windows Hello for Business PIN) but does not appear to work

shocko · Answer

It does not work for me on Windows 10. I have a ticket open with MS Suport and will post back once I get clarification.

dannyboypipes · Answer

shockoDid you hear anything back from MS? I'm trying to enforce PIN as default via GPO but it doesn't work at all.

Forum Discussion

Set User Default Credential Provider for Lock Screen

5 Replies

Resources