SOLVED

[Solved] Allow PIN support for Windows 10 devices

%3CLINGO-SUB%20id%3D%22lingo-sub-1006301%22%20slang%3D%22en-US%22%3ERe%3A%20Allow%20PIN%20support%20for%20Windows%2010%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1006301%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20remembered%20to%20mention%20this%20that%20I%20have%20disabled%20MFA%20(multi%20factor%20authentication)%20and%20also%20self%20service%20password%20reset.%20my%20user%20has%20no%20phone%20number%20associated%20to%20his%20account%2C%20that's%20how%20I%20wanted%20it%20to%20be%2C%20but%20could%20it%20be%20the%20reason%20the%20PIN%20is%20not%20working%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20also%20enabled%20Windows%20hello%20for%20business%20in%20Intune%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157087i18400DC2FD9F012D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Annotation%202019-11-14%20231332.png%22%20title%3D%22Annotation%202019-11-14%20231332.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1007671%22%20slang%3D%22en-US%22%3ERe%3A%20Allow%20PIN%20support%20for%20Windows%2010%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1007671%22%20slang%3D%22en-US%22%3E%3CP%3EOkay%20so%20I%20figured%20out%20what%20the%20problem%20was.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eas%20I%20said%20I%20was%20using%20a%20VM%20in%20Hyper-V%2C%20it%20was%20in%20Enhanced%20session%20mode%2C%20meaning%20it%20was%20connecting%20to%20the%20VM%20using%20RDP%20protocol%20which%20is%20better%20and%20more%20scalable%20in%20screen%20resolution%2C%20but%20that%20also%20was%20preventing%20Windows%20Hello%20for%20Business%20to%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20537px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157108i429093F8125B73EA%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%222.png%22%20title%3D%222.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eso%20with%20%3CSTRONG%3EEnhanced%20session%20mode%3C%2FSTRONG%3E%20in%20Hyper-V%2C%20my%20Windows%2010%20settings%20page%20looked%20like%20this%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157107i1086D68DDB9D4C09%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%223.png%22%20title%3D%223.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%20in%20%3CSTRONG%3Ebasic%20session%20mode%3C%2FSTRONG%3E%2C%20it%20looks%20like%20this%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157109i17493505DF4DD79A%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%221.png%22%20title%3D%221.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eso%20that's%20it%2C%20very%20simple%20thing%20that%20kept%20me%20up%20all%20night%20figuring%20out%20what%20I%20was%20doing%20wrong..hope%20this%20will%20help%20anyone%20else%20stuck%20in%20the%20same%20situation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1006227%22%20slang%3D%22en-US%22%3E%5BSolved%5D%20Allow%20PIN%20support%20for%20Windows%2010%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1006227%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20allow%20my%20Windows%2010%201909%20(Hyper-V%20VM)%20to%20be%20able%20to%20use%20PIN%20for%20sign%20ins.%3C%2FP%3E%3CP%3EI%20have%20created%20a%20non-administrator%20account%20and%20joined%20my%20VM%20during%20Windows%20installation%20to%20the%20AAD%20from%20the%20start.%3C%2FP%3E%3CP%3EI%20also%20configured%20this%20for%20PIN%20policy%20in%20Windows%2010%20in%20Azure%20portal%20-%20Intune%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F156902i5FB7DA8DB7756BC3%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%221.png%22%20title%3D%221.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F156904iF0E5565E55C9E5DF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%222.png%22%20title%3D%222.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F156906i37DF9716369A5F44%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%223.png%22%20title%3D%223.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%20a%20group%20in%20Intune%20and%20put%20my%20VM%20device%20%2B%20User%20into%20that.%3C%2FP%3E%3CP%3Ethen%20I%20assigned%20this%20profile%20that%20I%20created%20for%20PIN%20to%20that%20group.%3C%2FP%3E%3CP%3Eadded%20my%20administrator%20user%20as%20the%20group%20owner.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20also%20read%20this%20article%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F3201940%2Fcan-t-configure-a-pin-when-convenience-pin-and-hello-for-business-poli%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F3201940%2Fcan-t-configure-a-pin-when-convenience-pin-and-hello-for-business-poli%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Estill%2C%20in%20my%20Windows%2010%20account%20settings%2C%20there%20is%20no%20sign%20of%20PIN.%20i've%20waited%202%20hours%2C%20synced%20my%20device%20from%20AAD%20portal%20and%20also%20from%20Windows%20settings%20to%20receive%20the%20latest%20policies.%20still%20nothing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F156908iD7E6F10D60DABDEB%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22222.png%22%20title%3D%22222.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20running%20out%20of%20clues%20that%20why%20this%20is%20not%20working.%20any%20ideas%3F%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1006227%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMonitoring%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Honored Contributor

I want to allow my Windows 10 1909 (Hyper-V VM) to be able to use PIN for sign ins.

I have created a non-administrator account and joined my VM during Windows installation to the AAD from the start.

I also configured this for PIN policy in Windows 10 in Azure portal - Intune

 

1.png

 

2.png

 

3.png

 

 

I created a group in Intune and put my VM device + User into that.

then I assigned this profile that I created for PIN to that group.

added my administrator user as the group owner. 

 

I've also read this article:

https://support.microsoft.com/en-us/help/3201940/can-t-configure-a-pin-when-convenience-pin-and-hell...

 

 

still, in my Windows 10 account settings, there is no sign of PIN. i've waited 2 hours, synced my device from AAD portal and also from Windows settings to receive the latest policies. still nothing.

 

222.png

 

I'm running out of clues that why this is not working. any ideas? 

Thanks in advance

2 Replies

I just remembered to mention this that I have disabled MFA (multi factor authentication) and also self service password reset. my user has no phone number associated to his account, that's how I wanted it to be, but could it be the reason the PIN is not working?

 

I've also enabled Windows hello for business in Intune

 

Annotation 2019-11-14 231332.png

 

best response confirmed by HotCakeX (Honored Contributor)
Solution

Okay so I figured out what the problem was.

 

as I said I was using a VM in Hyper-V, it was in Enhanced session mode, meaning it was connecting to the VM using RDP protocol which is better and more scalable in screen resolution, but that also was preventing Windows Hello for Business to work.

 

2.png

 

 

 

so with Enhanced session mode in Hyper-V, my Windows 10 settings page looked like this:

 

3.png

 

 

and in basic session mode, it looks like this:

 

1.png

 

so that's it, very simple thing that kept me up all night figuring out what I was doing wrong..hope this will help anyone else stuck in the same situation.