Some users may be experiencing Biometric login issues when they try to sign in to their Windows 11/10 systems joined to a domain. If you cannot log in with a Fingerprint to a domain account, then this post shows how to enable Biometrics on a Windows 11/10 system joined to a Domain. The error message you may receive is:
Fingerprint Logon is not enabled for domain accounts on this machine. Log on using other credentials or see your system administrator.
Cannot log in with Fingerprint in Windows 11 joined to a Domain
You have successfully set up Biometric (fingerprint) sign-in for your Windows 11/10 device. Now you can unlock your device with your fingerprint but unable to sign-in to the Windows 11/10 device on a domain with the same fingerprint.
At login, Windows shows that your password has changed on another device (which with all certainty, it hasn’t). In Sign-in options, Windows shows that the Windows Hello PIN is ‘currently unavailable’.
When you click ‘more info’ it says:
Sorry – This PIN isn’t working for your organisation’s resources. Tap or click here to fix it.
This takes you to a “Set up PIN” page (even though a PIN was already configured).
Read: How to fix Windows Hello error codes.
It’s imperative to point out that by default, Biometric logon to domains via Windows computers is Not configured or Disabled, even though you have already set up biometric sign-in on the devices.
So the fix to the issue is a simple one.
You’ll need to enable Biometrics Sign In on Windows joined to a Domain, by configuring the following policy:
Allow domain users to logon on using biometrics
Once you complete the action, you can now successfully logon to the domain on the device.
I hope you get it working.
