If a Windows 8.x/10 computer is joined to an Active Directory domain then the User Account “PIN sign-in” option is disabled (not Configured) by default. You can set it in either a domain or local Group Policy Object (GPO). It can also enabled on a local computer via a registry key setting.
For Local Group Policy run [Win+R] gpedit.msc and under
Local Computer Policy expand the tree to:
Computer Configuration\Administrative Templates\System\Logon
Change the Turn on convenience PIN sign-in setting to Enabled.
You can also change this setting in the local registry. Enable PIN sign-in by creating the REG_DWORD value AllowDomainPINLogon under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System Registry key and setting it to 1.
If you want to change this setting in a domain GPO it is nearly the same path & name as the local GPO. Domain path:
Computer Configuration\Policies\Administrative Templates\System\Logon
Change the Turn on PIN sign-in setting to Enabled.