Windows Hello for Business: Setup

First time setup for new device/PIN creation of Hello for Business

Restart the device (please make sure to save all files and data before doing so) After restart has completed, do the following:

Enter the username and password for an Azure AD user on a Windows 10 or 11 device, as shown in Figure 1

Figure 1: Windows Sign-in

As shown in Figure 2, the user is prompted to set up Windows Hello for Business (acronym will be ‘WHfB’).

Figure 2: Windows Hello Setup Prompt

The MFA challenge only occurs on the first sign-in to Windows when setting up Windows Hello. The user will receive a push notification or number-matching prompt on the Microsoft Authenticator mobile application.

By default, Windows does not offer additional MFA with the Microsoft Authenticator app on Windows Sign-ins. Figure 3 shows the Microsoft Authenticator prompt. Move on to the next page.

Figure 3: Microsoft Authenticator Request

To view Microsoft Authenticator application setup instructions, please go to page 8 and on.

Based on the WHfB Enrollment or Identity Protection policy previously discussed, the PIN can be numeric or alphanumeric, with or without special characters. Figure 4 provides a screenshot of the PIN setup screen.

Figure 4: Windows PIN Creation

 Once the PIN is successfully created, the screen shown in Figure 5 will appear.

Figure 5: Windows PIN Completion

After signing out once, WHfB is configured with a PIN (minimum requirement), as shown in Figure 6.

Figure 6: Windows Sign-in with PIN