When you use sign-in PIN on your Windows 10, it works in two different ways. If your system is not connected to any organization (such as work or school etc.), you can manage your PIN at system level. While, if your device is connected to an organization, your PIN should be managed by your IT admin. In that case, use of your PIN will be governed by Windows Hello for Business. In this article, we will see how to reset PIN for Windows Hello for Business.
Usually, if you forget PIN at system level, you can use I forgot my PIN link on login screen to reset it. However, for a PIN under Windows Hello for Business, your IT admin should have enabled some additional settings for PIN recovery. This article shares all of those additional configuration you need to make, if you’re the IT admin managing Windows Hello for Business.
To allow PIN reset, you can use Microsoft PIN Reset service. You can allow use of this service to reset PIN, if your organization ecosystem is using:
- Azure Active Directory.
- Hybrid Windows Hello for Business deployment.
- Azure AD registered, Azure AD joined, and Hybrid Azure AD joined.
- Windows 10 devices with Enterprise and Pro edition. For Version 1709 to 1809, this only works with Enterprise edition devices.
Here’s how you allow PIN reset via Microsoft PIN Reset service. First, you’ve to enable PIN reset enterprise applications for your AAD tenants. Then, you can configure client machines via Group Policy to allow reset of PIN.
How to reset PIN for Windows Hello for Business
1. Go to Microsoft PIN Reset Service Production website and sign-in with your Azure AD global administrator account.
2. Next, you’ll be prompted for permissions, so click on Accept in that window. Once you click on Accept, you’ll be redirected to https://cred.microsoft.com. But that page loads with message ‘You do not have permission to view this directory or page’. Don’t worry about that message as your consent should be registered in AAD portal.
3. Similarly, go to Microsoft PIN Reset Client Production website and give consent to use your account info.
4. Next, go to Azure portal (https://portal.azure.com). Then navigate to Enterprise applications. In search, type ‘microsoft pin’. You must be able to spot Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production here.
5. You can go to these applications one-by-one and assign your clients or groups.
6. Next, on client machines, you need to enable Use PIN recovery policy setting located at Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
So now if your clients forgot PIN, they can use I forgot my PIN link to reset PIN using Microsoft PIN Reset service. This link is available on login screen (as shown below) and also at Settings > Account > Sign-in options > PIN.
That’s it!
Leave a Reply