Reset the passcode on Windows devices integrated with the Microsoft PIN Reset Service using Intune

The reset passcode capability for Windows devices integrates with the Microsoft Pin Reset Service to let you generate a new passcode for devices that run Windows 10 Mobile. The devices must be running the Windows 10 Creators Update, or later.

Supported platforms

  • Windows - Supported on Windows 10 Creators Update and later (Azure AD joined)
  • Windows Phone - Not supported
  • iOS - Not supported
  • macOS - Not supported
  • Android - Not supported

Before you start

Before you can remotely reset the passcode on Windows devices you can manage, you must onboard the PIN reset service to your Intune tenant, and configure devices you manage. Follow these instructions to get that set up:

Connect Intune with the PIN reset service

  1. Visit Microsoft PIN Reset Service Integration website, and sign in using the tenant administrator account you use to manage your Intune tenant.
  2. After you log in, click Accept to give consent for the PIN reset service to access your account.
    PIN reset service permissions page
  3. In the Azure portal, you can verify that Intune and the PIN reset service were integrated from the Enterprise applications - All applications blade as shown in the following screenshot:
    PIN reset service application in Azure
  4. Log in to this website using your Intune tenant admin credentials and, again, choose Accept to give consent for the service to access your account.

Configure Windows devices to use PIN reset

To configure PIN reset on Windows devices you manage, use an Intune Windows 10 custom device policy to enable the feature. Configure the policy using the following Windows policy configuration service provider (CSP):

  • For devices - ./Device/Vendor/MSFT/PassportForWork/tenant ID/Policies/EnablePinRecovery

tenant ID refers to your Azure Active Directory, Directory ID which you can obtain from the Properties page of Azure Active Directory.

Set the value for this CSP to True.

Steps to reset the passcode

  1. Sign into the Azure portal.
  2. Choose More Services > Monitoring + Management > Intune.
  3. On the Intune blade, choose Devices.
  4. On the Devices blade, choose Manage > All devices.
  5. Select the device for which you want to reset the passcode, and then, on the device properties blade, choose New passcode.
  6. From the confirmation that appears, choose Yes. The passcode is generated, and is displayed in the portal for the next seven days.

Next steps

If the passcode reset fails, a link is provided in the portal to get more information.