Reset the passcode on Windows devices using Intune
You can reset the passcode for Windows devices. The reset passcode feature uses the Microsoft Pin Reset Service to generate a new passcode for devices that run Windows 10 Mobile.
- Windows 10 Creators Update and later (Azure AD joined)
The following platforms are not supported:
- Windows Phone
Authorize the PIN reset services
To reset the passcode on Windows devices, onboard the PIN reset service to your Intune tenant.
- Go to Microsoft PIN Reset Service production, and sign in using the tenant administrator account.
- Accept consent for the PIN reset service to access your account:
- Go to Microsoft PIN Reset Client production, and sign in using the tenant administrator account. Accept consent for the PIN reset client to access your account.
- In the Azure portal, confirm that the PIN reset services are listed in Enterprise applications (All applications):
After you Accept the PIN reset requests, you may get a
Page not found message, or it may appear as if nothing happens. This behavior is normal. Be sure to confirm that the two PIN Reset applications are listed for your tenant.
Configure Windows devices to use PIN reset
To configure the PIN reset on the Windows devices you manage, use an Intune Windows 10 custom device policy. Configure the policy using the following Windows policy configuration service provider (CSP):
Use the device policy -
Replace tenant ID with your Azure AD Directory ID, which is listed in the Properties of Azure Active Directory in the Azure portal.
Set the value for this CSP to True.
After you create the policy, you assign (or deploy) it to a group. The policy can be assigned to user groups or a device groups. If you assign it to a users group, then the group may include users who have other devices, such as IOS. Technically, the policy doesn't apply, but these devices are still included in the status details.
Reset the passcode
- Sign in to the Azure portal.
- Select All services, filter on Intune, and select Microsoft Intune.
- Select Devices, and then select All devices.
- Select the device you want to reset the passcode. In the device properties, select New passcode.
- Select Yes to confirm. The passcode is generated, and is displayed in the portal for the next seven days.
If the passcode reset fails, a link is provided in the portal that provides more details.