deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-05 04:03:39 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update faq.yml w/ convenience PIN details

Browse Source 
Providing more clarity on how convenience PINs do and do not work with Entra after receiving feedback from a confused customer.
This commit is contained in:
Michael Epping
2025-06-20 10:33:25 -07:00
committed by GitHub
parent df8406794e
commit 94f78453ba
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/hello-for-business/faq.yml
View File

@ -177,7 +177,7 @@ sections:
*Convenience PIN* provides a simpler way to sign in to Windows than passwords, but it still uses a password for authentication. When the correct convenience PIN is provided to Windows, the password information is loaded from its cache and authenticates the user. Organizations using convenience PINs should move to **Windows Hello for Business**. New Windows deployments should deploy Windows Hello for Business and not convenience PINs.
- question: Can I use a convenience PIN with Microsoft Entra ID?
answer: |
No. While it's possible to set a convenience PIN on Microsoft Entra joined and Microsoft Entra hybrid joined devices, convenience PIN isn't supported for Microsoft Entra user accounts (including synchronized identities). Convenience PIN is only supported for on-premises Active Directory users and local account users.
No. While it's possible to set a convenience PIN on Microsoft Entra joined and Microsoft Entra hybrid joined devices, convenience PIN isn't supported for authenticating Microsoft Entra user accounts (including synchronized identities). Convenience PIN is only supported for authenticating users to on-premises Active Directory users and local account users. Organizations that want to authenticate to Microsoft Entra should deploy Windows Hello for Business, which provides users with an Entra credential that can be used to authenticate to Entra-protected resources. Organizations that do not use Windows Hello for Business can choose to deploy convenience PINs on their workstations, including Entra Joined or Entra Hybrid Joined workstations, but convience PIN will not be able to provide authentication or SSO to Entra.
- question: What about virtual smart cards?
answer: |
Windows Hello for Business is the modern, two-factor authentication for Windows. Customers using virtual smart cards are strongly encouraged to move to Windows Hello for Business.