Posted By Ian@SlashAdmin in Office 365 | 7 comments

Office365 Business Premium is great subscription for smaller businesses but if you want to join your Windows 10 PC’s to Azure AD it has one big disadvantage over the Enterprise subscriptions, mainly access to InTune.

Because of this if you join a Windows 10 PC to Azure AD all users will be required to setup a Pin before being able to log in. If your users hot desk they will have to do it on every PC they login to!

Your options are to purchase an InTune subscription and apply a license to every user at a cost of £4.50 per user per month.

Your second option is to disable the pin requirement in the registry on each PC either manually or by using your faviourite RMM tool.

I’ve put together a Poweshell script which will disable the pin requirement and also remove any existing pins. Simply run the script as an administrator on each PC or deploy it via RMM.

####################################################################################
#
# Ian Waters
#
# www.slashadmin.co.uk
#
# Prevents Windows 10 prompting to setup a pin after being added to Azure AD
#
# Designed for use with Office 365 Business Premium subscriptions
#
####################################################################################

#Disable pin requirement
$path = "HKLM:\SOFTWARE\Policies\Microsoft"
$key = "PassportForWork"
$name = "Enabled"
$value = "0"

New-Item -Path $path -Name $key –Force

New-ItemProperty -Path $path\$key -Name $name -Value $value -PropertyType DWORD -Force

#Delete existing pins
$passportFolder = "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc"

if(Test-Path -Path $passportFolder)
{
Takeown /f $passportFolder /r /d "Y"
ICACLS $passportFolder /reset /T /C /L /Q

Remove-Item –path $passportFolder –recurse -force
}

Conclusion

Working to a budget by using an Office 365 business premium subscription means you have to work a little harder to set things up just how you want them but once again PowerShell comes to the rescue 🙂