April update has broken Windows Hello for some devices but there’s a quick fix

news
Apr 9, 20253 mins
Windows PCsWindows Server

Microsoft says problem affected β€˜devices with specific security features enabled.’

Windows 11 official brand sign on computer laptop display, business office table
Credit: rawf8 / Shutterstock

A software hiccup has occurred with Windows Hello following this month’s security updates, one that could prevent users from logging in via facial recognition.

Fortunately, instead of prompting an increase in password reset work for helpdesks, as people who usually just gaze at their computers to unlock them realize they’ve forgotten their passwords, Microsoft has provided a simple workaround.

Will Townsend, principal analyst at Moor Insights & Strategy who focuses on networking infrastructure, carrier services and security, said Wednesday he “was surprised that the security update broke an important authentication feature.”

However, he said, “given the temporary workaround that was published, and an expected fast fix, the negative impact shouldn’t be long term or extensive. It’s also been widely shared in the news, and that could help reduce the call volume and trouble tickets for enterprises.”

Microsoft said in the release notes for a Patch Tuesday security update released this week that it is “aware of an edge case of Windows Hello issue affecting devices with specific security features enabled.”

The company stated, “after installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN. Users might observe a Windows Hello Message saying ‘Something happened, and your PIN isn’t available. Click to set up your PIN again’ or ‘Sorry something went wrong with face setup.'”

Microsoft went on to say that “this issue only affects devices where System Guard Secure Launch or Dynamic Root of Trust for Measurement (DRTM) feature is enabled after installing this update. Devices with Secure Launch or DRTM enabled prior to this update, or those with these features disabled, are not impacted by this issue.”

While it’s working on a patch, the company offered workarounds for the issue, which involved these steps:

  • To login using PIN, follow the Set my PIN prompt on the logon screen to re-enroll into Windows Hello.
  • To use Face Logon, re-enroll in Windows Hello Facial recognition: go to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello), and select Set up. Follow the on-screen instructions.

Windows Hello for Business, which brought biometric sign in to Windows 10 and 11 business and enterprise users, first launched in November 2023.

Computerworld has reached out to Microsoft for comment, but as of press time had not received a response.

Paul Barker is a freelance journalist whose work has appeared in a number of technology magazines and online, including IT World Canada, Channel Daily News, and Financial Post. He covers topics ranging from cybersecurity issues and the evolving world of edge computing to information management and artificial intelligence advances.

Paul was the founding editor of Dot Commerce Magazine, and held editorial leadership positions at Computing Canada and ComputerData Magazine. He earned a B.A. in Journalism from Ryerson University.

More from this author