Windows - Unable to logon with PIN (hexadecimal error code)

When a user uses their PIN to logon to a Windows computer, they may get an error similar to this:

Use the following steps to remediate the error.

This requires clearing all TPM keys, inputting the BitLocker recovery key for the machine, signing in with administrative credentials (AzureAD only) after a reboot to log back into Intune, and re-setting the management name and primary user for the machine.

Restart the computer, go into BIOS settings. This will vary by PC model.
Locate the Clear TPM option to clear all TPM keys on next reboot.
- For Dell systems, this is under Security > TPM. You may have to enable Advanced Setup mode on the top left of the screen if this is a newer BIOS to be able to view the Clear TPM option.
Have the computer reboot.
Once a BitLocker recovery screen appears, use Intune to obtain the recovery key for the machine that matches the key/drive ID.
Once the key is entered and correct, Windows will proceed to start.
Sign in with your admin credentials (with the Password option) under rellis.tamus.edu domain.
You should encounter this dialog box once you sign in. Click sign in, and enter your password and MFA.
Once you do so, after a couple of minutes a screen like "Almost there - create your PIN" should appear. Click OK, and log off of the computer and log back in with your password again.
Upon logging in, you should see the Account setup wizard to verify MFA and create a new PIN.
Once you are back at the desktop, search for "Access work or school" and verify that configuration policies are synced to the machine.
Go to the Intune admin center and look up the machine name, and re-enter the correct management name and primary user (if applicable) for the machine.
Have the user sign in with their username and password.
- Due to TPM being cleared, all PINs on the system are cleared. It should show up with the Windows OOBE prompting them that a PIN is required and they need to set one up, similar to first-logon tasks.