Information
This policy setting allows you to control whether a user can sign in using a convenience PIN.
Note: The user's password will be cached in the system vault when using this feature.
The recommended state for this setting is: Disabled
A PIN is created from a much smaller selection of characters than a password, so in most cases a PIN will be much less robust than a password.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Disabled
Administrative Templates\System\Logon\Turn on convenience PIN sign-in
Impact:
None - this is the default behavior.