Windows 10 Hello for Business PIN complexity not being honored?

Steel Contributor
We have a bunch of Surface pro tablets in the process of being upgraded to Win 10 1703 build. They are all Azure AD joined devices, managed with Intune (using the Intune client software). Post upgrade, users are being required to change their PIN to meet new complexity requirements of 6-digits minimum (we've always used 4 digits in the past). It's a complete mystery to me where this requirement is set/controlled, and how I can change it back to 4. I have checked our Intune classic admin console's settings here: Admin->MDM->Windows->Windows Hello for Business and the PIN length minimum is set to 4, yet so I am at a loss. Any guidance appreciated!
2 Replies

Hi Bob,


Thanks for giving the rest of us a heads up on this.  I must ask, why are you upgrading to 1703 prior to it being released to Current Branch for Business?  It is definitely suggested that you test 1703, but it is not slated for mass deployment at this time.  In fact, most of the world isn't on 1703 yet.  I have several non-domain systems at home that are being serviced on Current Branch straight from Microsoft.  None have been upgraded to 1703.  One of these is a Surface pro 4.  I believe it finally started downloading the bits for it in the background.


If you are just testing, this is exactly why you should be doing that.  Providing this feedback is crucial in making sure these issues don't exist when 1703 is CBB ready.  Thanks for taking the time.


Are you using Key-Based or Cert-Based WH4B?  It doesn't matter, but I'm curious!



Yes, I'm aware of the fact that 1703 is pre-release and not yet CBB. We are piloting it for a client that is anxious to use it once it's released, and they will be using it for a fleet of Surface Pro 4 devices. Key-based WHB.