Windows Hello For Business Functionality On Hybrid Joined Laptops Off Site?

Iron Contributor

I read that you are supposed to be able to do a forgotten PIN reset remotely even when not connected to the corporate network.

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-video...

The demo video for "PIN reset above lock" shows the user having to first confirm their AD credentials before they can reset their WHFB PIN. How are the AD credentials validated if the user isn't connected to the corporate network? Is it able to check their current credentials with ADFS or PHS remotely?

Can someone explain how this PIN reset works with cached credentials? Does the user have to have existing cached credentials on the device?

What if the user hasn't signed into the laptop for an extended period of time and doesn't remember their previous AD password that's stored in their cached credentials?

Does using the method shown in the demo video somehow reset the cached credentials in the user profile?

Can a user with no cached local credentials on the laptop use WHFB PIN login as a method to create a new Windows profile while away from the corporate network?

0 Replies