Disable or gray out Windows Hello PIN on Windows devices using HexnodeSolved

Participant
Discussion
10 hours ago Jul 02, 2026

I’m managing Windows PCs through Hexnode and want to disable the PIN sign-in option under Settings > Accounts > Sign-in options > PIN (Windows Hello). Ideally, users should not be able to set or change the PIN locally, or the option should be grayed out.

I tried using a PowerShell script that sets the Windows Hello for Business registry policy under PassportForWork to disabled, but it did not remove or gray out the PIN option on the device.

Is there a Windows policy in Hexnode that can block PIN sign-in?

Replies (1)

Marked SolutionPending Review
Hexnode Expert
2 hours ago Jul 02, 2026
Marked SolutionPending Review

Hexnode currently does not have a native Windows policy setting to explicitly disable or gray out the PIN (Windows Hello) option on managed Windows devices.

If the requirement is specifically to prevent users from configuring Windows Hello PIN locally, this is not available as a built-in Hexnode restriction at the moment.

As an alternative, you can deploy a custom PowerShell script using the Execute Custom Script action if your organization has a tested script for your Windows environment. However, the script logic must be validated internally, as behavior can vary depending on Windows edition, domain/Azure AD state, Windows Hello for Business configuration, and existing local policies.

If your goal is to manage local account credentials rather than PIN sign-in, Hexnode can update local account passwords from the device page:

1. Go to Manage.

2. Open the Windows device.

3. Navigate to the Local Accounts sub-tab.

4. Use the actions menu next to the account.

5. Select Change Password.

This changes the local account password, but it does not disable or gray out the Windows Hello PIN option.

Regards,
Mary Romero

Save