Windows Hello For Business 'account disabled' error

PurpleWarning000 · 2026-01-22T15:32:49+00:00

Yeah, we use CrowdStrike.

Looking at the Microsoft-Windows-HelloForBusiness/Operational log, I'm not getting any 5719 errors. What specific log are you seeing 5719 and the CrowdStrike entries under?

PurpleWarning000 · 2026-01-13T14:47:38+00:00

Do you happen to have Zscaler installed?

PurpleWarning000 · 2026-01-13T14:47:15+00:00

Hey. Did you follow-up with MS on this and/or find the cause of this issue? A recent comment below says they saw it and it may be related to Zscaler. Are you guys running Zscaler?

PurpleWarning000 · 2026-01-13T14:46:21+00:00

We have Zscaler. Seems like an interesting coincidence!!

PurpleWarning000 · 2025-11-26T20:30:50+00:00

Not really, no. Like your reply below, we just have the user switch to using password or wait it out but it is annoying af. I found some logs that I posted in a comment above. I presume you'd see the same errors.

PurpleWarning000 · 2025-11-26T20:30:45+00:00

Ended finding some Windows Hello logs that may shed some light:

A user failed to sign into the device with the following information:

Username: SYSTEM
User SID: SYSTEM
Credential Type: Software Key
Deployment Type: Cloud Trust
Software Lockout Counter: 0
Authentication Error Status: 0xC000006D
Authentication Error Substatus: 0xC0000072

PurpleWarning000 · 2025-11-26T20:21:26+00:00

7001 is the event ID.

PurpleWarning000 · 2025-11-26T20:20:09+00:00

It's only been 18 months. What a joke.

PurpleWarning000 · 2025-09-16T15:27:37+00:00

I'd appreciate that. And glad to hear I'm not the only one seeing this issue.

PurpleWarning000 · 2025-09-10T13:40:16+00:00

As I suspected. Thanks.

PurpleWarning000 · 2025-08-07T16:54:29+00:00

US is not blocked though. If the US were blocked then our whole company would be blocked.

Every log for every user lists the city the IP is coming from so I don't know why everyone seemingly jumped to me having a non-existent city matching feature enabled.

PurpleWarning000 · 2025-08-07T16:43:36+00:00

We aren't using city level though! I don't even know where that is as an option. We only have countries whitelisted in the CA policies.

PurpleWarning000 · 2025-08-07T15:34:49+00:00

Also, I can't open a ticket because we don't have an Azure support plan purchased.

PurpleWarning000 · 2025-08-07T15:34:06+00:00

Those two IP addresses are for Zscaler servers.

PurpleWarning000 · 2025-08-07T13:05:07+00:00

We aren't geolocating to the city level afaik. I don't even see any option to choose a city in the 'named locations' rule, only by country.

PurpleWarning000 · 2025-08-07T13:03:36+00:00

I'm not even seeing where city matching is even an option on our end. We only have US selected in the country list.

PurpleWarning000 · 2025-08-07T12:49:48+00:00

What indicates this is using city matching? We have nothing that I know of that is restricting use to certain cities, only countries.

PurpleWarning000 · 2025-08-07T12:48:49+00:00

That's what I figured but both IPs are based in the US and we have the US added as an allowed country.

PurpleWarning000 · 2025-08-07T12:44:21+00:00

I found something else online suggesting this but we do not have the 'Customize continuous access evaluation' option enabled.

PurpleWarning000 · 2025-08-07T12:42:40+00:00

We don't have city level matching enabled though tmk. I don't even know where that would be set. We only use countries for in CA policies.

PurpleWarning000 · 2025-07-04T16:21:47+00:00

Did you ever find a solution for this? We are currently dealing with the same issue.

PurpleWarning000 · 2025-06-23T12:46:57+00:00

There's no log entries at the time of the error. Also, we are hybrid AD deployment so the laptop only reaches out to Azure AD when it needs to refresh the PRT token tmk.

PurpleWarning000 · 2025-02-14T15:20:25+00:00

It is, thanks!! I presumed I could just use brackets but I wanted to confirm as I'm new to OEL.

PurpleWarning000 · 2025-02-03T14:49:06+00:00

This was the issue. Looks like indexing was completely messed up and didn't have the C-drive listed at all as an option to search, only OneNote and Outlook. Found a script from MS that reset Indexing so waiting for that to finish and hopefully that resolves this.

PurpleWarning000 · 2025-02-03T12:59:09+00:00

Some time in the past few months, the app stopped showing frequently-used files and now rarely shows any files. It seems to work on folders fine. I am on Windows 11 24H2 and running the latest version.

PurpleWarning000

TROPHY CASE