PowerShell

Sometimes users need to have their Windows Hello for Business container reset. This can happen for a myriad of reasons: Biometrics stopped working “Something went wrong” errors during sign-in that won’t resolve Trust relationship between the credential and Microsoft Entra ID broke User suspects their PIN was observed or compromised Device was lost briefly and recovered — user wants to re-key For this support request, you can easily push a small script using Intune’s on-demand remediation feature (preview). All it does is use certutil to delete the Windows Hello container and return the exit code.

With the change of the Secure Boot certificates coming in fast and furious as summer approaches, it is paramount to ensure that your estate is ready to deploy the changes swiftly and securely. The change and deployment has been documented thoroughly by several great community articles and contributions in recent months, along with the expansion of Microsoft’s own documentation on the subject. I will not delve further into that here other than to provide links for further reading, but if you’re looking at a deployment guide, I would highly suggest taking a look at Mindcore’s blog linked below: