For me, in the end all I needed to do was create pin and the issue was gone. No account deletes or any of that stuff.
I was just initially baffled as to why I needed to reset the pin in at all after a BIOS update, when no such behavior ever occurred before under Windows 10. And I've done quite a few BIOS updates on different machines under Windows 10.
The first BIOS update I do under Windows 11, and I got the "Your PIN is no longer available due to a change to the security on this device. Click to set up your PIN again." as seen in post #25. That was the baffling part to me. Simply doing what it said, all was good.
I don't know why yours is doing that as I certainly didn't have to do it, and I have 2FA enabled. All I had to do was log into my account using my Microsoft password and change the pin number to log into Windows. That's it. Not sure why yours or Calab was different?
Also, do you not have any other PCs/tablets, cell phones to access your email account online?
I think understanding how things work and knowing what to expect when certain procedures are performed makes the task easier. For me, now knowing I may have to reset a pin during a BIOS won't be such a surprise, and especially since I know how easy it is to solve.
My two cents.
Then why use something you don't understand and don't want to keep up with. Yeah I know the easy answer is "cause we're forced to" but you aren't forced to do anything, you choose to do because you want to use a product. So why not learn the basics?
We all had to learn from the beginning, and continue to learn. Thus as I'm fond of saying, owning a PC is an active endeavor, not a passive one. You also learn from experiences, which is what my post is about that you quoted.
My two cents.
What's conveniently left out of that equation is the end user's responsibility for securing their machine. Microsoft actually does provide tools to secure a "physically possessed PC". The problem is some push these tools as the boogieman or opine with a bunch of false what ifs, and maybe so's to scare people from using said tools.
BitLocker for example can secure your drives so that if the machine is physically taken, the drives can't be accessed without a pass key. And I can assure you pulling the drive and putting it in another machine WILL NOT override a BitLockered drive. Been there done that!!!
Yeah, there are probably some high-level tools possessed by trained specialists who can bypass specific security measures, but I seriously doubt they're seeking out small fry home PCs.
This is more than just basic education though. Microsoft made is extremely easy to upgrade to Windows 11 from previous versions if your hardware supported it. However, Microsoft did not make it super easy if you have certain scenarios in place.
I had issues with the UEFI fw updates more than a few times. Most of the time it was a simple reset your PIN and done. A couple of times I had the issue as described. The word was that if the Windows 11 installer found supported components it would install - it never told you that a subsequent update to your UEFI fw when using firmware-based TPM may, in fact, reset the TPM stored credentials and force you to have to reset your access when using Windows Hello - or that said access may be broken beyond repair if you're also connected to work / school accounts with strict policies, like "Allow my organization to manage my device" enforced.
A couple of other things that we did not know is that the current UEFI fw out there, while being listed as Windows 11 compatible, were not necessarily slated to work with Windows 11, as noted by my own experiences and how the fw update released not too long after I purchased a physical TPM module specifically listed Windows 11 compatibility in the change log. And previous to this there was no requirement for using TPM, and very loose requirements for using Secure Boot.
Cannot educate the user on scenarios that you don't know about. Users cannot educate themselves on something that is relatively new and untested. And before you try to say "Don't upgrade" if your hardware has died and you're forced to buy a new machine, well, that kinda gets in the way of that admonishing to not upgrade. I'm tech savvy, and I was able to figure out what I needed to do. Others are not - and there is only so much they can learn about when little things like this do not get reported to Microsoft so they can be actioned upon, if they choose to.
These kinds of things are not the users' fault solely - plenty of people keep saying things like "Yeah, you can use fTPM / PTT perfectly fine, there's no issue. And for the most part, for most people, it *will* be fine. They won't have convoluted setups like mine, with multiple external account setups plus my personal stuff, if they can they'll have separate, dedicated machines. But, then, what happens when Windows Update comes along and throws a fw update directly to your machine? What happens when someone works for an organization that required 'managing your device' when working from home? What happens when you're forced to work from home because of a pandemic?
It was a perfect storm situation - so many factors came together to make this happen. But it definitely is not the sole bailiwick of the end user in this case, with these scenarios. This was a major problem that was overlooked when Microsoft ran their extremely short Beta test for Windows 11 before launching it. This kind of thing should never have happened to anyone, but *particularly* not during a pandemic when people are working from home and have only limited, basic OTA access to IT staff.
