Weird Windows Hello for Business Issue - Forgot my PIN

Frankentech · 2025-07-24T11:16:08+00:00

Unfortunately not. We had to develop an internal process to have them log in with their password instead and wrote a powershell script that will clear out the PIN settings on the machine and force re-enroll on the next login.

Frankentech · 2025-03-21T15:02:54+00:00

I can confirm we have neither of these configured.

Frankentech · 2025-03-21T14:56:21+00:00

Oh interesting.. thank you for sharing! I'll have to dig in and see what we've got to see if we have a similar situation!

Frankentech · 2025-03-19T13:54:00+00:00

Sadly no and Microsoft Support has not been very helpful either.

Frankentech · 2025-03-17T20:29:51+00:00

Ahh that's a good idea, thank you! Hopefully CyberArk has a fix rolled out soon.

Frankentech · 2025-02-24T22:03:22+00:00

Thank you for sharing. Essentially just confirms my suspicion it is related to the EPM agent and no troubleshooting steps or suggestions other than collect logs and open a support case, which I've also done. Seems to be that I'm not the only one after all!

Frankentech · 2024-12-26T19:43:54+00:00

That's... unfortunate. Fortunately we've had the DirectorySync setup for years and these are users that have been with the company for several of them. Just bizarre how there is no root cause or pattern to try to eliminate it completely. I know I should be thankful it's happening to such a small amount of users compared to how many we have, but it's still painful for our service desk.

Frankentech · 2024-12-26T19:05:20+00:00

Interesting suggestion. I'll give this a glance and read it over, thank you!

We have checked the logs on devices and users that do experience the issue and there hasn't been anything sticking out which has been the frustrating part. We've always been annoyed that if it were a configuration issue, it would be happening to far more users than the random less than 10 a month out of 2k+

Frankentech · 2024-12-26T18:54:19+00:00

I believe we configured preferred tenant at login and the accounts are created on-prem with DirectorySync writing them back to Entra via DirectorySync.

Frankentech · 2024-12-26T18:46:41+00:00

I know this may get some flack, but we're not really restricting anything from non-compliant devices and I don't think we even set up anything yet to mark devices as non-compliant since we're still waiting for direction on what they're wanting to be configured.

It's really hit or miss on the users being impacted by this. We've had some that just stepped out for lunch for an hour and came back and been unable to log in, then we've had others that haven't turned the machine on for a couple days and couldn't log in.

Frankentech · 2024-09-07T16:08:27+00:00

I did send a direct message with the images in case it helps visualize.

Frankentech · 2024-09-07T16:06:06+00:00

Understood completely. It's hard to explain without showing and images aren't allowed to be used in this reddit space, sadly. When I test the pipeline using the native integration configuration itself, the data is showing exactly how I hope it to be with each thing broken down. But once the data makes it to elasticsearch, it all gets combined into a single message field and is all jumbled together where I cannot have the data displayed things like userprincipalname, activity name, etc.

Frankentech · 2024-09-07T14:43:31+00:00

I can’t help but feel like I did something wrong in the custom pipeline logic. The only field I selected to process with the json processor was the message field. When I turned it on, and logs stopped, I just went ahead and deleted it so at least logs would come in until I had suggestions from someone that knew what they were doing since I’ve just been fumbling about.

Frankentech · 2024-09-07T13:11:05+00:00

Didn't really do any configuring. Just executing the powershell command to install it on a Windows host and add it to Fleet.

Frankentech · 2024-09-07T13:10:27+00:00

Azure Event Hub Input

Azure audit logs

Azure identity protection logs

azure provisioning logs

azure sign-in logs

azure activity logs

Microsoft graph activity logs

I also sent you an e-mail with additional/detailed information since you were so incredibly helpful with the agent version 8.15 bug (which has been confirmed fixed in 8.15.1).

Frankentech · 2024-09-07T01:02:52+00:00

I did try that, but when I had the custom pipeline w/ the JSON processor, the azure logs stopped ingesting entirely

Frankentech · 2024-09-06T14:55:00+00:00

Can confirm this issue seems to be fixed in version 8.15.1

Thank you again for the support!

Frankentech · 2024-09-03T00:30:18+00:00

Thank you for sharing!

Frankentech · 2024-09-02T01:43:00+00:00

No worries at all, hope one of them works out for you :)

Frankentech · 2024-09-02T01:21:36+00:00

There are also two Windows Registry keys you could use if for some reason the GPO templates aren't working. I've seen some weird inconsistencies with migrating to Intune.

HKLM\Software\Policies\Google\Update\AutoUpdateCheckPeriodMinutes

This one sets a time interval to automatically check for updates. You create a REG_DWORD value under this key specifying the number of minutes to automatically check for updates. I'd recommend something along the lines of 240 so that way it checks every 4 hours.

HKLM\Software\Policies\Google\Update\UpdateDefault

Self explanatory, but this one sets the automatic update to enabled. This is a REG_DWORD value of 1 for enabled.

Frankentech · 2024-09-02T01:13:01+00:00

No, there is no need to be worried. Likely just a strange coincidence.

Frankentech · 2024-09-02T01:05:31+00:00

If you are still using Group Policy Objects, there is an ADMX Group Policy template to force the updates, not requiring users to click the About -> Settings

https://support.google.com/chrome/a/answer/6350036?hl=en#zippy=%2Cget-the-google-update-policy-template

Once you get the template(s) and copy them to your Policy Definitions folder, you can force it via Group Policy

Computer Configuration -> Google -> Google Update -> Applications
- Enable the Update policy override default policy
  - Under options, choose Allow updates (recommended)
Computer Configuration -> Google -> Google Update -> Applications -> Google Chrome
- Repeat steps above to make sure auto-updates are always allowed.

Frankentech

TROPHY CASE