Microsoft has announced that a subset of Windows users may encounter difficulties logging into their accounts via Windows Hello following the installation of the April 2025 security updates. This issue affects both client systems, specifically Windows 11 24H2, and server platforms, namely Windows Server 2025, where the KB5055523 cumulative update has been applied. However, it is important to note that the problem arises only under certain conditions.
Details of the Issue
According to the tech giant from Redmond, devices experiencing these Windows Hello authentication challenges are those equipped with the Dynamic Root of Trust for Measurement (DRTM) or System Guard Secure Launch features activated prior to the deployment of the KB5055523 update. Microsoft elaborates on the situation, stating, “We are aware of an edge case of Windows Hello issue affecting devices with specific security features enabled. After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN.”
Users may encounter messages indicating issues with their PIN or facial recognition setup, such as “Something happened and your PIN isn’t available. Click to set up your PIN again” or “Sorry something went wrong with face setup.”
Workarounds Provided by Microsoft
In light of this known issue, Microsoft has outlined several workarounds for affected users:
- To log in using a PIN, users should follow the Set my PIN prompt on the logon screen to re-enroll in Windows Hello.
- For those wishing to use Face Logon, re-enrollment in Windows Hello Facial Recognition can be done by navigating to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello) and selecting Set up. Users should then follow the on-screen instructions.
In addition to addressing this issue, Microsoft recently resolved another bug associated with KB5055523 that caused authentication problems when Credential Guard was enabled on systems utilizing the Kerberos PKINIT pre-auth security protocol. Furthermore, earlier this week, Redmond introduced a safeguard hold for Windows 11 24H2 systems that employ SenseShield Technology’s sprotect.sys driver, which is utilized by various security or enterprise software. This hold was prompted by compatibility issues that resulted in blue or black screen of death (BSOD) errors.
Microsoft has also implemented upgrade blocks for Windows devices affected by incompatible software or hardware, including those using Dirac audio improvement software, integrated cameras, as well as the Easy Anti-Cheat and Safe Exam Browser applications.
