Trying to enable Windows Hello for Business across our domain for facial rec login. I went through and read the latest article from Microsoft on doing this (https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings) but I am still running into problems.
When I open up Sign-in options, the "set up" button for facial recognition is greyed out and under "PIN" I'm getting "Something went wrong. Try again later."
I cannot find any other option that would be helpful for enabling this in GPME.
Client PC is running Win10 Ver 1809, Domain Controller is running Win Server 2012 R2 Ver 6.3
Best Answer
According to the article below, Windows Hello for Business and the PIN are two different things.
https://support.microsoft.com/en-us/help/3201940/can-t-configure-a-pin-when-convenience-pin-and-hello-for-business-poli
If you enable both GPO (Windows Hello for Business and PIN), neither will work. You need to enable one or the other. Therefore, my suggestion, following the article above would be to disable the PIN-related GPOs, and only leave the ones for Windows Hello for Business and the biometrics enabled.