I want to enable fingerprint login with GPO. I installed the Windows 10 1703 (Creators) ADMX files.
First, I read that "Turn on convenience PIN sign-in" from "Computer/policies/admin templates/system/logon" is REQUIRED... Is this true? If so, this seems ridiculous... I understand the user's domain password would have to be encrypted locally for a fingerprint to be translated to the password, however, I don't want to allow pins for login. If a user's fingerprint login doesn't work, I'd prefer to revert to password login rather than a very hackable pin.
Second, I read that some users are suggesting setting pin complexity requirements very high to remediate the idiocy of 4 or 6 digit pin access. These settings used to exist under "Computer/policies/admin templates/windows components/Windows Hello for Business" but Windows 10 Creators ADMX files have this option removed??!?!?!
Update: It looks like "Pin Complexity" was moved under System... Still, why MUST pin be enabled for biometrics to work, when hand typing one's password is ALWAYS available?