Disable "Windows Hello"

Copper Contributor

I am an admin, and attempting to disable "Windows Hello for Business", also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However, whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a PIN. Where can I find the option that allows me to disable this?

25 Replies
Hi!

I’m pretty sure that Windows Hello for Business is enabled by default.

Anyway, the following article describes how to manage it, and also disable the feature.
https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-manage-in-organi...

When that’s said, I would also challenge you to try getting it to work, as it does improve user experience and security if done correctly :)

Best regards
Anders Eide

users signing on with a PIN are blocked from accessing local SMB shares like on NAS devices with simple username/password logins

 

until MS fix this problem, Windows Hello has to be disabled if you use local file storage in this way (we use a NAS for backing up local systems)

Seems to me to be more of a Policy like setting on the NAS, which type of NAS do you use? Also: Windows Hello is the way forward into password-less sign ons. So keeping users secure, while keeping it simple ;)
I don't believe that.

You can disable Windows Hello from Windows Enrollment in Intune, but you can't disable the PIN after enrollment.

I have suggested this to be fixed, and please vote for my suggestion at Microsoft:

https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37093513-disable-windows-hello...

 

@Anders Eide To add to the SMB issue, PCs set up with Windows Hello during Windows setup complain that they have no local administrator account during recovery, meaning they can't be recovered.

The idea is solid, but as with virtually all of the recent 365 'improvements' turned on by default (Clutter, Focused Inbox etc.) they're being foisted on users that don't need them, they are tricky if not impossible to remove, and just generate support issues needlessly.

@James King 

I also strongly recommend disabling it for now. But it is possible to use Hello and a local NAS, although it is not recommended... you need to change the login alternative, choose "Other user" and log in that way, but it is much more inconvenient than just not using Hello.

@ErikROsberg There is no need for extra local accounts if you use a NAS. Just make a network connection to your NAS and save it as you connect. That way the credentials will be stored in the Windows Credential Manager (press "start" and type "credential manager" to launch it). You can then easily logon to windows using Windows Hello and the link to your NAS will just work on the basis of your stored password.
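The Credential Manager approach above, as an added example that is not part of the original post: it stores a credential for the NAS host in Credential Manager with the built-in cmdkey tool and then maps the share, so a user who signs in with a Hello PIN still has a password-based credential for the SMB target. The host name "nas01", share "backup" and drive letter Z: are assumptions.

```powershell
# Added example (not from the original post). Assumed names: NAS host "nas01",
# share "backup", drive letter Z:. Run as the user who will sign in with the PIN,
# because Credential Manager entries are per-user.
$Nas   = 'nas01'
$Share = "\\$Nas\backup"

# Prompt for the account defined on the NAS rather than typing the password
# into the console, so it does not land in the PowerShell history file.
$cred  = Get-Credential -Message "Account defined on $Nas (e.g. nas01\backupuser)"
$plain = $cred.GetNetworkCredential().Password   # cmdkey only accepts cleartext

# Store the credential for the NAS host under "Windows Credentials".
# Caveat: for the duration of this call the password is visible in the
# cmdkey process command line (e.g. to anyone who can read process details).
cmdkey "/add:$Nas" "/user:$($cred.UserName)" "/pass:$plain" | Out-Null
Remove-Variable plain

# Map the share persistently; SMB will use the stored credential for \\nas01
# instead of the interactive logon session that the PIN sign-in created.
net use Z: $Share /persistent:yes | Out-Null

# Verify: the target appears in the stored list and the share is reachable.
cmdkey "/list:$Nas"
Test-Path $Share
```

The stored password is protected with DPAPI for that user profile, which means any code running as that user can read it back; treat the NAS account as a low-privilege account scoped to the backup share only.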

@James King This is definitely still happening. Any network drive will not be able to be accessed if using Windows Hello. It will say "A specified logon session does not exist. It may have already been terminated."

* I have tried just about everything on the forums regarding Groupedit, Advanced Network Permissions & Settings to no avail.

I run IT for an office with 10+ users accessing a server.

@Joshua Dolecal 

It can be done if you have Intune licenses.
If you haven't any, I suggest the following workaround.

First set up an Intune trial:
https://docs.microsoft.com/en-us/intune/fundamentals/free-trial-sign-up#sign-up-for-a-microsoft-intu... 

Assign one license to a random user, so we gain access to the Intune portal:
https://devicemanagement.microsoft.com 

Go to Devices > Windows > Windows Device enrollment:
https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/win... 

Click on Windows Hello for Business and at the bottom, at "Configure Windows Hello for Business", select Disable, then Apply.

Please be advised to cancel the trial after completing these steps, so you will not be billed in the future.
Note: The Intune portal might change from time to time (design, arrangements).

I just want to burn everything that has to do with Windows Hello with a blowtorch.

Why do they do this? When they do **bleep** like this I honestly feel like signing every single Microsoft center up to Scientology, Jehovah's Witnesses and other various spam packages and see how they like being bombarded with CRAP no one asked for. F*** OFF!

My problem with it is that it's invasive. At no point are you asked if you want to activate it and there's no obvious way to disable it. I could probably disable it if I had the time, but for God's sake. Why force it upon people without asking? It's dirty practices and deserves to be spat on.

@James King 
You are absolutely correct.  Same deal, a NAS is blocked for the only user of 3 AD-Joined systems who uses the Hello PIN.  When that single user logs in w/ regular password, NAS access is fine.

@new2you2020 Do they then log on to on-premises Active Directory for gaining access to the NAS? Or do they use a user/pass as defined on the NAS?

Unless you have setup something incorrectly with Intune or another MDM provider, the first user to logon to a system will be given Admin permissions. The Local Admin account has been disabled by default since Windows Vista.

@Thierry Vos 
They use their Azure AD joined email address & password to connect to the NAS share (which was shared for Public/Everyone on the NAS side). Tell the user to choose the "Key" icon at login (Other logon options) and use those creds, and they're all fine.

Tried hacking the Registry for the Hello PIN, since MS disables your ability to change it when Azure AD joined... unless you pay for a certain tier (or add-on) within Azure itself. No go... the Registry hack didn't help. So if you created/chose the option to use a Hello PIN when joining the workstation to Azure, you're stuck w/ the OPTION.

This is Azure's habit: you pay for this, you pay for that, you subscribe for this, you subscribe for that, for more of that, for the ability to do that, etc. It's not my preference, over a local domain w/ local domain AD-joined computers being the standard and long term (long term) cost savings.

 

I agree!
It has to do with safety on the Identity side of things. Identity is the new control plane and those looking to just secure their perimeter are obviously not getting the point of a Cloud Connected world. Windows Hello brings great benefit to user simplicity when it comes to logging on and security through conditional access for instance. I'd be happy to point you to the right articles for a better understanding. Start with this one: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-ident...

@EdmirTaipi I just tried but unfortunately it didn't work either.

So I've tried 3 methods.

Method 1: Using Group Policy settings.

If you are on Windows 10 Pro edition, you can change the Group Policy settings to disable the PIN sign-in option for all users.

  • Open the Run dialog box by pressing the Windows key and the R key together.
  • Type GPEDIT.MSC and hit the Enter key.
  • Go to Computer Configuration -> Administrative Templates -> System -> Logon.
  • On the right side, double click on "Turn on PIN sign-in" and select Disabled.
  • Similarly disable the other Windows Hello options, if any.
  • Exit the Group Policy editor and reboot the computer.

Method 2: Disabling Windows Hello in the Registry.

If setting Group Policy doesn't work, you may disable the sign-in options, which should disable the Windows Hello options in all user accounts.

Disclaimer: The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on the computer. Windows often reads and updates the information in the registry.

Normally, software programs make registry changes automatically. You should not make unnecessary changes to the registry. Changing registry files incorrectly can cause Windows to stop working or make Windows report the wrong information.

Please take a backup of the registry. Follow the steps given in the link below:

How to back up and restore the registry in Windows

  • Open the Run dialog box by pressing the Windows key and the R key together.
  • Type Regedit and hit the Enter key.
  • When the Registry Editor opens, navigate to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions
  • In the right pane, double click on the DWORD entry named "value" and set it to 0.

Method 3:

First set up an Intune trial:
https://docs.microsoft.com/en-us/intune/fundamentals/free-trial-sign-up#sign-up-for-a-microsoft-intu... 

Assign one license to a random user, so we gain access to the Intune portal:
https://devicemanagement.microsoft.com 

Go to Devices > Windows > Windows Device enrollment:
https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/win... 

Click on Windows Hello for Business and at the bottom, at "Configure Windows Hello for Business", select Disable, then Apply.
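Methods 1 and 2 above both come down to registry values, so they can be applied and checked from an elevated PowerShell instead of clicking through gpedit and regedit. The script below is an added example, not code from the original post or from Microsoft: it writes the two local-policy values that the "Turn on PIN sign-in" and "Use Windows Hello for Business" Group Policy settings map to (AllowDomainPINLogon and PassportForWork\Enabled; confirm the mapping against the ADMX files on your build if it differs), then reports those values together with the PolicyManager value that Method 2 edits and any tenant-scoped subkeys under PassportForWork, which indicate an MDM-delivered policy that takes precedence over the local one. The function names are mine.

```powershell
# Added example (not from the original post). Run elevated. Assumes a device on
# which local policy is honoured; on an Intune-managed device the MDM policy wins,
# which is why the audit also reports the PolicyManager layer.

$settings = @(
    # Method 1: "Turn on PIN sign-in" (Computer Config > Admin Templates > System > Logon)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name = 'AllowDomainPINLogon'; Value = 0 },
    # "Use Windows Hello for Business" (Admin Templates > Windows Components > Windows Hello for Business)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
       Name = 'Enabled'; Value = 0 }
)

# The MDM-delivered setting that Method 2 edits by hand in regedit.
$MdmKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions'

function Set-HelloLocalPolicy {
    foreach ($s in $settings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
                         -Value $s.Value -Force | Out-Null
    }
}

function Get-HelloPolicyState {
    foreach ($s in $settings) {
        $cur = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{ Setting = "$($s.Path)\$($s.Name)"; Value = $cur }
    }
    # Absent (null) when no MDM policy has ever been applied to the device.
    $mdm = (Get-ItemProperty -Path $MdmKey -Name 'value' -ErrorAction SilentlyContinue).value
    [pscustomobject]@{ Setting = "$MdmKey\value"; Value = $mdm }
    # Subkeys under PassportForWork are created by MDM policy; if any exist, the
    # tenant policy, not the local "Enabled" value, decides whether Hello is offered.
    Get-ChildItem 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Setting = "PassportForWork subkey $($_.PSChildName)"; Value = '(present, MDM-managed)' }
        }
}

Set-HelloLocalPolicy
Get-HelloPolicyState | Format-Table -AutoSize
# Sign out or reboot, as in Method 1, for the logon screen to reflect the change.
```

If the audit shows a PolicyManager value or a PassportForWork subkey, the local values will not stick: the setting has to be changed where it is delivered from, which is the Intune enrollment page in Method 3.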

@RyanRoe I feel your pain! I have exactly the same issue. I've tried everything I can think of and I can find on the interwebs, including multiple points in the network connection chain... with two separate computers (one a laptop and one a desktop). I had the network all talking nicely to each other as well as the NAS drive for a while, but then I made the mistake of a Windows 10 update. Still trying to recover...

As an aside to previous comments on the subject, Synology (one of the two main NAS drive manufacturers) told me via a technical support enquiry that they do not support Windows Hello installations. I generated this enquiry while trying to attach a brand new DiskStation NAS (26 June 2020) to my network. 

I told you I've tried every point in the network connectivity chain...