How to enable PIN login for domain-joined Windows 10 Pro via Group Policy

Tags: group-policy, windows-10, windows-server-2016

First I tried enabling PIN using Computer Configuration/Administrative Templates/System/Logon/Turn on convenience PIN sign-in.

This did allow me to set a PIN on the client PC (previously this option was greyed out). But after logging off, and even restarting, it kept asking for a password, not a PIN.

So, following the help provided on that setting:

"In Windows 10, convenience PIN was replaced with Windows Hello PIN,
which has stronger security properties. To configure Windows Hello for
Business, use the policies under Computer configuration\Administrative
Templates\Windows Components\Windows Hello for Business.

If you enable this policy setting, a domain user can set up and sign
in with a convenience PIN. "

So I went ahead and enabled Windows Hello for Business as well. After restarting the client I still was not able to log in with a PIN, and on top of that the PIN setting within Settings was now greyed out. Under the Windows Hello section it states:

"Windows Hello isn't available on this device"

This same device was connected at one point to Azure AD and it worked fine with a PIN so it seems the hardware is perfectly capable of using the PIN.

But I am now stuck as to what settings I need to change to enable the PIN for this local domain-joined device.

Using: Windows 10 Pro 14393.726 and Server 2016 14393.693

Best Answer

Just installed a new Windows 10 Enterprise 1809 Feb 2019 update machine from ISO.

All Hello buttons and options were grayed out. I thrashed around for a while. Most web sites only address the various group policy changes that are required for Biometrics and Windows Hello.

In addition to the various Biometrics and Windows Hello GPOs, we found it was also necessary to create a single registry key.

We created a User Configuration (rather than a Computer Configuration, which didn't work for us) GPO that set the following registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001

Here's a thread with more info: https://social.technet.microsoft.com/Forums/en-US/84a0bd50-1360-4a94-bfb3-b049ecace521/pin-and-fingerprint-signin-options-unavailable-greyed-out-in-windows-10-1607-enterprise?forum=win10itprogeneral
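As an added example (not part of the original question or answer), the PowerShell below audits the registry value the answer names, writes it locally if it is missing, and then refreshes Group Policy to confirm the value survives a policy refresh. Only the path and value name quoted in the answer are used; the script assumes an elevated PowerShell session on the domain-joined client. One practical note: AllowDomainPINLogon under this Policies key is the value written by the "Turn on convenience PIN sign-in" policy under Computer Configuration, so when a GPO appears not to take effect it is worth reading the value directly on the client rather than trusting the GPO editor alone.

```powershell
# Added example: audit and set the AllowDomainPINLogon policy value described in
# the answer above, then confirm it after a Group Policy refresh.
# Assumes an elevated session on the domain-joined Windows 10 client.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$ValueName  = 'AllowDomainPINLogon'

function Get-DomainPinLogonPolicy {
    # Returns the current DWORD as an integer, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Enable-DomainPinLogonPolicy {
    # Creates the Policies key if needed and sets AllowDomainPINLogon = 1 (DWORD),
    # matching the .reg fragment in the answer.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyPath -Name $ValueName -Value 1 -Type DWord
}

function Format-PolicyValue($value) {
    if ($null -eq $value) { return '<missing>' }
    return $value
}

$before = Get-DomainPinLogonPolicy
Write-Host ("{0}\{1} before: {2}" -f $PolicyPath, $ValueName, (Format-PolicyValue $before))

if ($before -ne 1) {
    Enable-DomainPinLogonPolicy
    Write-Host ("{0}\{1} after local write: {2}" -f $PolicyPath, $ValueName, (Format-PolicyValue (Get-DomainPinLogonPolicy)))
}

# A value written locally under HKLM\SOFTWARE\Policies is owned by Group Policy and
# is overwritten at the next refresh if a GPO sets it differently. Force a refresh of
# both the computer and user policy and read the value again to see what actually
# applies on this machine.
gpupdate /force | Out-Null
$applied = Get-DomainPinLogonPolicy
Write-Host ("{0}\{1} after gpupdate: {2}" -f $PolicyPath, $ValueName, (Format-PolicyValue $applied))

if ($applied -eq 1) {
    Write-Host 'Policy in effect: convenience PIN sign-in is allowed for domain users.'
} else {
    # The GPO is not delivering the value; check scope and the resultant set of policy.
    Write-Host 'Policy not in effect after refresh. Review GPO linking/scope and run: gpresult /h rsop.html'
}
```

Run it once before creating the GPO to record the baseline, and again after the GPO is linked: if the value reads 1 after `gpupdate /force` the policy is being delivered, and if it reverts to missing or 0 the GPO is either out of scope or being overridden by another policy, which `gpresult /h` will show.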