Windows Hello for Business

Introduction

In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. In our environment we will be using two methods for authentication, biometrics and PIN. 

Biometrics: 

  • Fingerprint recognition. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10.
  • Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn't roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there's no single collection point an attacker can compromise to steal biometric data.

PIN (Personal Identification Number):

  • PIN is tied to the device
    • One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!
    • Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.
  • PIN is local to the device
    • A password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server. When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server.
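
The sign-in flow described above, and the reason the same PIN is useless on another device, modelled in software as an added example (not Microsoft's code and not part of the original article). Assumption: a PIN-encrypted key blob stands in for the hardware-protected key on a real device, and all function names are hypothetical.

```javascript
// Added illustration. Assumption: a PIN-encrypted key blob stands in for the
// hardware-protected key on a real device. All names here are hypothetical.
const crypto = require('crypto');

// Enrollment: the device creates a key pair, seals the private key under the
// PIN, and registers only the public key with the identity provider.
function enroll(pin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sealedKey = privateKey.export({
    type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: pin,
  });
  const registeredPublicKey = publicKey.export({ type: 'spki', format: 'pem' });
  return { device: { sealedKey }, server: { registeredPublicKey } };
}

// Device side: the PIN unlocks the key locally. Only the signature over the
// server's challenge leaves the device; the PIN is never sent.
function signChallenge(device, pin, challenge) {
  let key;
  try {
    key = crypto.createPrivateKey({ key: device.sealedKey, format: 'pem', passphrase: pin });
  } catch {
    return null; // wrong PIN: the key stays sealed and nothing is signed
  }
  return crypto.sign(null, challenge, key);
}

// Server side: checks the signature against the public key registered for
// this device. It holds no PIN and no private key.
function verifySignIn(server, challenge, signature) {
  if (!signature) return false;
  return crypto.verify(null, challenge, server.registeredPublicKey, signature);
}

function demo() {
  const pin = '482913';                       // constructed sample PIN
  const laptop = enroll(pin);
  const otherPc = enroll(pin);                // same PIN set up on a second device
  const challenge = crypto.randomBytes(32);   // fresh per sign-in attempt
  const attempt = (dev, p) => verifySignIn(laptop.server, challenge, signChallenge(dev, p, challenge));
  return {
    rightPinOnLaptop: attempt(laptop.device, pin),
    wrongPinOnLaptop: attempt(laptop.device, '000000'),
    samePinOtherDevice: attempt(otherPc.device, pin),
  };
}

console.log(demo());
```

Only the first attempt succeeds: a wrong PIN never unlocks the key, and the right PIN on a different device unlocks a different key that the server has not registered for the laptop.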

What Do I Need To Do?

  1. Once multifactor authentication (MFA) has been turned on, you will need to sign in to your laptop.
  2. Enter your username and password as you normally would.
  3. Be patient. Windows is setting up the Biometric/PIN authentication for you. 
  4. When Windows Hello for Business is ready, you will be prompted to begin scanning your fingerprint. A message will appear reading: "Your device has a fingerprint sensor that works with Windows Hello, giving you a simple, password-free way to verify your identity." Select Set up on this screen.
  5. You will be prompted to touch the fingerprint sensor. Repeatedly lift and rest your finger on the sensor until setup is complete. 
  6. A visual representation of your progress will guide you in scanning your fingerprint. 
  7. You will now be prompted to try another angle. Rest and lift your finger at different angles to capture the edges of your print. Select Next to complete fingerprint scanning. The screen will read Just a moment... when scanning is complete.
  8. You will now be prompted to create a PIN. The PIN must be a minimum of 6 characters. Create a Windows Hello PIN in case we don't recognize you. This will allow you to easily unlock your device, and sign in to apps and services. Select Next.
  9. If at this point you have already set up your account with Authenticator, you will be prompted to enter a 6-digit code that will be texted to you. Enter it now to proceed. Select Verify.
  10. You will now be presented with a Windows Security prompt titled Set up a PIN. It reads: "Create a PIN to use in place of passwords. Having a PIN makes it easier to sign in to your device, apps, and services." Enter your chosen PIN. If you choose, you may include letters and symbols by selecting the check box for this option. Select OK when you are ready.
  11. After successfully entering and confirming your PIN, a success message will appear. YOU DID IT! You're now able to sign in with your PIN. Select OK to sign in to Windows.

Notes:

In using this for a few weeks I have noticed that using the PIN is much easier when docked. It skips the step of needing to open your laptop to access the power button/fingerprint scanner. 

What Does This Look Like?



Start of biometric (fingerprint) setup.


Touch the fingerprint sensor (power button) to begin scanning your fingerprint.


Select Next here to register a PIN as a second form of authentication.


Choose and confirm your PIN. Inclusion of letters and symbols is optional.


You've successfully created your PIN! Select OK to log in to Windows.
