Windows 10 Windows Hello for Business - access to on-premises resources using PIN fails


Maxime Rastello

Hello,

I've set up a Windows Hello for Business infrastructure by following the Deployment Guide. Here are the details:

  • Deployment type: Hybrid key trust
  • Azure AD: Premium licenses & MFA properly configured
  • Azure AD Connect: users & devices are synced
  • AD: Windows Server 2016 DC
  • PKI: new Kerberos certificates are properly deployed on 2016 DCs



From an Azure AD Joined machine, I can properly:

  • Enroll in Hello for Business, sign in and reset PIN
  • Have SSO to cloud resources (Office 365)
  • Have SSO to on-premises resources (filer) using the username / password logon in Windows


However, I can't:

  • Have SSO to on-premises resources (filer) using the PIN logon in Windows


Connectivity to a DC and DNS is properly configured.






Event IDs


Event 360

Windows Hello for Business provisioning will be launched.
Device is AAD joined ( AADJ or DJ++ ): Yes
User has logged on with AAD credentials: Yes
Windows Hello for Business policy is enabled: Yes
Windows Hello for Business post-logon provisioning is enabled: Yes
Local computer meets Windows hello for business hardware requirements: Yes
User is not connected to the machine via Remote Desktop
User certificate for on premise auth policy is enabled: No
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more



MVP Enterprise Mobility | Microsoft P-Seller | Azure Advisor
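
For reading Event 360 output like the one quoted above, here is an added example (not part of the original post): a PowerShell helper that splits the message into its Yes/No prerequisite lines and everything else. The function name `ConvertFrom-Event360Message` is hypothetical, and the sample text is copied from the post.

```powershell
# Added example, not from the original post. Function name is hypothetical.
function ConvertFrom-Event360Message {
    param([Parameter(Mandatory)][string]$Message)

    foreach ($line in ($Message -split "`r?`n")) {
        $line = $line.Trim()
        if (-not $line) { continue }
        if ($line -match '^(?<name>.+?):\s*(?<value>Yes|No)$') {
            # Prerequisite line of the form "<description>: Yes|No"
            [pscustomobject]@{ Kind = 'Check'; Text = $Matches['name'].Trim(); Value = $Matches['value'] }
        }
        else {
            # Header, policy summary, link, or a line that arrived without its value
            [pscustomobject]@{ Kind = 'Note'; Text = $line; Value = $null }
        }
    }
}

# Event 360 text as it appears in the post (one line lost its Yes/No value).
$sample = @'
Windows Hello for Business provisioning will be launched.
Device is AAD joined ( AADJ or DJ++ ): Yes
User has logged on with AAD credentials: Yes
Windows Hello for Business policy is enabled: Yes
Windows Hello for Business post-logon provisioning is enabled: Yes
Local computer meets Windows hello for business hardware requirements: Yes
User is not connected to the machine via Remote Desktop
User certificate for on premise auth policy is enabled: No
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more
'@

$parsed = ConvertFrom-Event360Message -Message $sample
$parsed | Where-Object Kind -eq 'Check' | Format-Table Text, Value -AutoSize

# Checks that are not "Yes". A "No" is not automatically a fault: the
# user-certificate policy is the certificate-trust setting, so "No" here
# matches the key-trust deployment described in the post.
$parsed | Where-Object { $_.Kind -eq 'Check' -and $_.Value -ne 'Yes' }

# Live use on the client (reads the newest Event 360 from the local log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-User Device Registration/Admin'; Id = 360 } -MaxEvents 1 |
#     ForEach-Object { ConvertFrom-Event360Message -Message $_.Message }
```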
