deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update hello-feature-pin-reset.md

Browse Source 
hello-feature-pin-reset.md
https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/b68f8a1e-9075-4399-8da9-5f3fa90fe6e0#CORRECTNESS
Line 25:  a new log in key >  a new login key 

Formatting
Line 91: Important note is not formatted correctly because a blank line is between the note coding. Reformat the note to include the content of the note.

Line 32: Delete duplicate of preceding H2 heading to avoid confusion with TOC. (Or create unique heading.)
This commit is contained in:
Angela Fleischmann
2022-08-09 14:58:35 -06:00
committed by GitHub
parent 3457ee1bbb
commit 6aea6fa9d6
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
View File

@ -22,15 +22,13 @@ Windows Hello for Business provides the capability for users to reset forgotten
There are two forms of PIN reset:
- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new log in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new login key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
- **Non-destructive PIN reset**: with this option, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For non-destructive PIN reset, you must deploy the **Microsoft PIN Reset Service** and configure your clients' policy to enable the **PIN Recovery** feature.
## Using PIN reset
There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and doesn't require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.
## Using PIN Reset
**Requirements**
- Reset from settings - Windows 10, version 1703 or later, Windows 11
@ -88,7 +86,6 @@ When non-destructive PIN reset is enabled on a client, a 256-bit AES key is gene
Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the **Microsoft PIN Reset Service** which enables users to reset their forgotten PIN without requiring re-enrollment.
>[!IMPORTANT]
> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809 and later, and Windows 11. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and later, Windows 11.
> The Microsoft PIN Reset service is not currently available in Azure Government.