After the recent Windows 10 “Anniversary update” (1607), The capability to use the PIN functionality is now restricted by Global Group policy settings that must be turned on in advance for use of this feature.

The purpose of this post is to quickly publish details of some changes designed to create distinction of our next generation credential, now called Windows Hello for Business and its associated PIN. If you are currently managing an enterprise computing environment utilizing Windows 10 with Windows Hello then you should read this article to determine if you need to take action.

So, What’s Changed? — Starting in Windows 10, Version 1607, the default behavior to allow convenience PIN creation has changed.  The new default is that convenience PINs cannot be created on domain joined machines unless you specifically enable it via policy:

In summary, if you are looking to deploy Windows Hello for Business (formally Microsoft Passport for Work) then this might be the perfect opportunity to move to that more secure credential and not re-instate the convenience PIN sign in. However, if you have happy with the convenience PIN sign in functionality and security, you should enable the “Turn on convenience PIN sign-in” GP setting before you upgrade so that users can continue to use Windows Hello and not be interrupted by the upgrade.