From 6aea6fa9d6a0670602240b78f03b8c300303affe Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 9 Aug 2022 14:58:35 -0600 Subject: [PATCH] Update hello-feature-pin-reset.md hello-feature-pin-reset.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/b68f8a1e-9075-4399-8da9-5f3fa90fe6e0#CORRECTNESS Line 25: a new log in key > a new login key Formatting Line 91: Important note is not formatted correctly because a blank line is between the note coding. Reformat the note to include the content of the note. Line 32: Delete duplicate of preceding H2 heading to avoid confusion with TOC. (Or create unique heading.) --- .../hello-for-business/hello-feature-pin-reset.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index d1d68b482e..3e53faec85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -22,15 +22,13 @@ Windows Hello for Business provides the capability for users to reset forgotten There are two forms of PIN reset: -- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new log in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration. +- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new login key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration. - **Non-destructive PIN reset**: with this option, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For non-destructive PIN reset, you must deploy the **Microsoft PIN Reset Service** and configure your clients' policy to enable the **PIN Recovery** feature. ## Using PIN reset There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and doesn't require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. -## Using PIN Reset - **Requirements** - Reset from settings - Windows 10, version 1703 or later, Windows 11 @@ -88,7 +86,6 @@ When non-destructive PIN reset is enabled on a client, a 256-bit AES key is gene Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the **Microsoft PIN Reset Service** which enables users to reset their forgotten PIN without requiring re-enrollment. >[!IMPORTANT] - > The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809 and later, and Windows 11. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and later, Windows 11. > The Microsoft PIN Reset service is not currently available in Azure Government.