If Windows Hello for Business has stopped working in your organization, here is how you can troubleshoot the issue. It happens due to several reasons, and here we have consolidated some of the common causes along with the solutions so that you can make it run again without any delay.
The first five solutions are for system administrators only. However, the last solution can be tried by administrators as well as regular users.
Windows Hello for Business stopped working
If Windows Hello for Business has stopped working, follow these tips to resolve the issue:
- Verify PIN expiration setting
- Use Group Policy setting to turn on
- Enable use of a hardware security device
- Turn on smart card emulation
- Turn on biometrics for Windows Hello for Business
- Use Get Help to troubleshoot
To learn more about these solutions, continue reading.
1] Verify PIN expiration setting
It is possible to set an expiry date for the PIN so that your organization always stays on the safe side. If the date is over, users need to use a new PIN. At times, this setting could cause the cause in different ways. That is why it is suggested to turn off the PIN expiration setting for a while and check if it resolves your problem or not. For that, do the following:
- Press Win+R to open the Run prompt.
- Type gpedit.msc and hit the Enter button.
- Go to this path: Computer Configuration > Administrative Templates > System > PIN Complexity.
- Double-click on the Expiration setting.
- Choose the Not Configured option.
- Click the OK button.
2] Use Group Policy setting to turn on
There is only one way to enable Windows Hello for Business in your networked computers, and that is by using the Local Group Policy Editor. It is meaningless to mention that only an administrator can set things up. If you are an administrator, you can verify this setting in the GPO. For that, do the following:
- Open the Local Group Policy Editor on your computer.
- Navigate to this path: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
- Make sure the status of the Use Windows Hello for Business is Enabled.
- If not, double-click on this setting.
- Choose the Enabled option.
- Click the OK button.
After that, you should be able to use Windows Hello for Business without any problem once the minimum setup is done.
3] Enable use of a hardware security device
A PIN is the most commonly used way to sign into a computer protected with Windows Hello for Business. However, it requires TPM to get the job done. If a computer is not equipped with Trusted Platform Module 1.2 or 2.0, you may not be able to use Windows Hello for Business. As an administrator, if you want to allow all the computers to use this security setting, you can enable or disable this setting in the Local Group Policy Editor. For that, do the following:
- Open the Local Group Policy Editor.
- Go to this path: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
- Double-click on the Use a hardware security device setting.
- Choose the Enabled option.
- Click the OK button.
This solution works only when you have enabled it earlier. Also, do not select the Disabled option.
4] Turn on smart card emulation
Some Windows apps use smart cards to allow you to use Windows Hello for Business. However, if your credentials do not comply with smart card apps, you cannot use them to sign in. There is a Group Policy setting that prevents administrators from disabling smart card emulations for Windows Hello for Business. You need to turn it on using these steps:
- Open the Local Group Policy Editor.
- Navigate to this path: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
- Open the Turn off smart card emulation setting.
- Choose the Not Configured option.
- Click the OK button.
- Double-click on the Allow enumeration of emulated smart card for all users setting.
- Choose the Enabled option.
- Click the OK button.
After that, try Windows Hello for Business on your computers.
5] Turn on biometrics for Windows Hello for Business
By default, Windows Hello and Windows Hello for Business use PIN as the primary method of login. However, it is also possible to use biometrics gestures to do the same thing. This Group Policy setting allows or prevents users from using biometrics. Therefore, it is suggested to follow these steps to verify the setting:
- Open Local Group Policy Editor.
- Go to this location: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
- Double-click on the Use biometrics setting.
- Choose the Enabled option.
- Click the OK button.
6] Use Get Help to troubleshoot
If none of the aforementioned solutions has worked for you, it is time to use a Troubleshooter. You can use Get Help to use Windows Hello for Business Troubleshooter. Although we have covered most solutions here, there could still be a few things left, depending on the unique situation you are in. To use Get Help, follow these steps:
- Search for get help in the Taskbar search box.
- Click on the individual search result.
- Type troubleshoot windows hello in the search box.
- Follow the solutions as mentioned in the Get Help app.
That’s all! Hope these solutions worked for you.
Read: Fix Windows Hello problems
Why has Windows Hello stopped working?
Several things could be responsible for this problem on your Windows 11/10 PC. From an expired PIN to the prevention of biometrics devices, anything could cause this issue. Above all, you must have TPM or Trusted Platform Module 1.2 or 2.0 to use Windows Hello on your Windows 11/10 PC.
How do I reset Windows Hello for Business?
You can reset Windows Hello for Business using the Local Group Policy Editor. For that, you need to open this path first: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business. Then, double-click on each setting that is set as Enabled or Disabled and choose the Not Configured option. Finally, restart your computer to get it done.
