- How To Reset Windows Hello Pins
- Reset Windows Hello Pin Powershell
- How To Reset Windows Hello Pin Password
- How To Reset Windows Hello Pin Lock
Recently I have been troubleshooting a nasty Windows Hello for Business problem which prevented all users in a tenant from resetting their Windows Hello for Business PIN’s on Azure AD joined devices while getting the error CAA20004.
To do this in Windows 10, go to Settings and then Accounts. Select the entry for Sign-in Options. In the PIN section for Windows Hello, click the Change button (Figure A). If you’re tired of having to remember or reset your password, try using Windows Hello or a FIDO 2–compliant security key to sign in to your Microsoft account instead. All you’ll need is a device running Windows 10 Version 1809 or later and the Microsoft Edge browser.
When clicking on “I forgot my PIN”:
After completing the account sign-in and MFA challenge the Error CAA20004 came up:
The Azure AD Portal shows us “Failure reason: other”.
While recording all the https traffic to Microsofts oauth2 endpoint with Fiddler this finally unveils usable information:
How To Reset Windows Hello Pins
AADSTS65001: The user or administrator has not consented to use the application with ID ‘ 9115dd05-fad5-4f9c-acc7-305d08b1b04e’ named ‘ Microsoft Pin Reset Client Production’. Send an interactive authorization request for this user and resource.
The error indicates that an application registration is missing in the tenant for the application “Microsoft Pin Reset Client Production”
After a short search I found a matching Microsoft docs article. Instead of reading through the whole article the only thing I needed to do was consenthing to the: Microsoft PIN Reset Service production application and also for the Microsoft PIN Reset Client production
(just klick on the links in order to consent to the app registrations) as tenant admin. Although in some tenants I have only seen the “Microsoft PIN Reset Service production” and PIN resets are working without the “Microsoft PIN Reset Client production”.
When checking the registered enterprise applications in Azure AD the “Microsoft Pin Reset Client Production” was visible:
… and resetting Windows Hello for Business PIN’s is from now on possible and works like a charm.
Did you encounter the same difficulties? Or do you know why some tenants only have the “Microsoft PIN Reset Service production” and not the “Microsoft PIN Reset Client production” registered? I am curious to read your experiences in the comments.
Reset Windows Hello Pin Powershell
A PIN is a set of numbers, or a combination of letters and numbers, that you choose yourself. Using a PIN is a quick, secure way to sign in to your Windows 10 device. Your PIN is securely stored on your device. If you aren't signed in to your device and you want to reset a PIN, here are some things to try.
How To Reset Windows Hello Pin Password
If you see I forgot my PIN below the PIN text box, select it and follow the instructions. If there are multiple accounts on the device, choose the one you need to reset and follow the instructions. This will take you to Enter your password. Follow the instructions to sign in. Next, select Start > Settings > Accounts > Sign-in options > Windows Hello PIN > I forgot my PIN and then follow the instructions.
If you don't see I forgot my PIN, select Sign-in options > Enter your password and sign in. Next, select Start > Settings > Accounts > Sign-in options > Windows Hello PIN > I forgot my PIN and then follow the instructions.
How To Reset Windows Hello Pin Lock
Note: The PIN you use to access your device is different from your Microsoft account password. If you need to reset your Microsoft account password, go to account.microsoft.com, select Sign in and follow the instructions. Next, select Your info > Profile > Change your password > Change and then follow the instructions. If you're worried that someone has unauthorized access to your account, see Recover your Microsoft account and Security info & verification codes.