Is there a method to force users to change their PIN? Currently, MBAM is not prompting for a PIN after we move it to the production OU (to apply the GPO after the MDT staging OU) and the end user is not the first person to see the MBAMClientUI when it is executed to prompt for PIN (workaround to enable end user to enter PIN). In addition, I would prefer to enforce periodic changes when desired by policy. Is this possible?Michael

Hi, There seems no group policy setting can achieve the goal. But we may try using script. I am doing research and will update you once I found such a script. Thanks, SpencerPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Great! I look forward to hearing from you.Michael

Hi, I did research but cannot find that script. I send an e-mail to the engineer who has ever mentioned that script before. But the engineer is OOF now. Once he replied to me. I will update you here. :) Thanks, Spencer Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Michael, Confirmed from BitLocker engineer, MBAM will prompt for PIN change only when MBAM GPO for OS drive is set to TPM + PIN and also the protector used is TPM. If you has already set GPO to TPM + PIN, then MBAM will not automatically prompt for PIN change. So, in your situation, I am sorry to say that user has to change the PIN manually. Thanks, SpencerPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.