Do I need to set up a CA Authority for Windows Hello for Business to work?


Hybrid Azure AD joined Windows 10 devices

AD Connect setup complete with SCP

Managed by Endpoint Manager (Intune)

All devices appear correctly in Azure AD

Identity Policy created for Windows Hello for Business

PIN requirement set


When I tested this, I could see my test devices being prompted with the wizard to set up a PIN.

When they log off and back in again the PIN is not recognised.

Are there any requirements to set up a CA Authority to get this to work?


2 Replies
If you go to Settings > Accounts > Sign-in options on the device, does it say "This option is currently unavailable"? Check if the PIN says that.



Hi, please see attached.