WHfB/Key Trust models: PIN reset availability

Description: Based on user feedback and author verification, the PIN reset feature in Windows Hello for Business is available in Windows 10 Professional using different key trust models in different deployments depending on the version of Windows 10 (1511, 1703, 1709 and 1903). Thanks to @greytone for noting this issue in ticket #4662 . Changes proposed: - add important Note outlining which Windows 10 version makes the PIN reset feature available and the key trust model to use in each case. The information summary is provided by @jvsam and @mapalko, based on the discussion in the issue ticket page and original user feedback. - add spacing for another important note with MD quote indentation - add spacing for a table quote indentation - remove HTML tag incorrectly showing up in the MarkDown preview Additional notes: PR content and placement of the important note is subject to change, based on feedback from the author and MS Docs team members. issue ticket closure or reference: Closes #4662
2025-05-17 07:47:22 +00:00 · 2019-10-27 22:21:13 +01:00 · 2019-10-27 22:21:13 +01:00 · d5bd8dc72f
commit d5bd8dc72f
parent 77bd4dc21c
2 changed files with 28 additions and 5 deletions
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@ -28,13 +28,24 @@ Windows Hello addresses the following problems with passwords:
 -   Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
 -   Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing).

->[!div class="mx-tdBreakAll"]
 > | | | |
 > | :---: | :---: | :---: |
 > | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |

 ## Prerequisites 

+> [!Important]
+> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>. 
+> **Requirements:**</br>
+> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+>
+> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
+> **Requirements:**</br>
+> Reset from settings - Windows 10, version 1703, Professional</br>
+> Reset above lock screen - Windows 10, version 1709, Professional</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+
 ### Cloud Only Deployment
 * Windows 10, version 1511 or later
 * Microsoft Azure Account
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@ -64,9 +64,21 @@ The hybrid deployment model is for organizations that:
 * Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
 * Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources

+> [!Important]
+> Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>
+> **Requirements:**</br>
+> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+
 ##### On-premises
 The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.

+> [!Important]
+> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
+> **Requirements:**</br>
+> Reset from settings - Windows 10, version 1703, Professional</br>
+> Reset above lock screen - Windows 10, version 1709, Professional</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903

 It’s fundamentally important to understand which deployment model to use for a successful deployment.  Some of aspects of the deployment may already be decided for you based on your current infrastructure.