Our security team have configured windows hello for business with PIN sign-in. We also are using Windows 10 with hybrid Azure AD. At times when a user signs in a blue enrolment screen is presented and they are prompted for AzureAD username/password and MFA. If they complete it they can enroll the pin or otherwise they can skip it.
What we are trying to understand is what instructs windows to display this enrolment screen and can we enforce it? For some users it does not reappear if they skip it but for others it does!
@shocko What you see is the Enrollment Status Page. The difference in who sees what is determined by which profiles you have set up for this. Can you provide more information on this possibly with screenshots?