First time setup for new device/PIN creation of Hello for Business
Restart the device (please make sure to save all files and data before doing so) After restart has completed, do the following:
Enter the username and password for an Azure AD user on a Windows 10 or 11 device, as shown in Figure 1
Figure 1: Windows Sign-in
As shown in Figure 2, the user is prompted to set up Windows Hello for Business (acronym will be ‘WHfB’).
Figure 2: Windows Hello Setup Prompt
The MFA challenge only occurs on the first sign-in to Windows when setting up Windows Hello. The user will receive a push notification or number-matching prompt on the Microsoft Authenticator mobile application.
By default, Windows does not offer additional MFA with the Microsoft Authenticator app on Windows Sign-ins. Figure 3 shows the Microsoft Authenticator prompt. Move on to the next page.
Figure 3: Microsoft Authenticator Request
To view Microsoft Authenticator application setup instructions, please go to page 8 and on.
Based on the WHfB Enrollment or Identity Protection policy previously discussed, the PIN can be numeric or alphanumeric, with or without special characters. Figure 4 provides a screenshot of the PIN setup screen.
Figure 4: Windows PIN Creation
Once the PIN is successfully created, the screen shown in Figure 5 will appear.
Figure 5: Windows PIN Completion
After signing out once, WHfB is configured with a PIN (minimum requirement), as shown in Figure 6.
Figure 6: Windows Sign-in with PIN