Forum Discussion
-2016281112 (Remediation failed) - Minimum Password Length
Hi
So even only specifying: Require
Password type --> Default
Minimum password --> 8
Is giving you non compliant errors in a new device compliance policy
Hi,
Thank you for your response.
I tested it last week, but it didn't work for my case.
HI
I suspect it has to do with the set and get commands
The problem is that this CSP only supports Add Operation, which means the Get Operation will always fail because it has not been implemented.
We are getting the same error when we are pushing a device configuration policy to set the Password... Of course, this succeeds, but getting the result.... most of the times it fails
But you are mentioning non-compliant errors? Could you show your device securitycompliance requirements?
What I am trying to say. Is that when you create some device configuration policies like this example to create a local admin user and a corresponding password.
It will always fail... (the reporting) even when the user and the password were created.
To quote someone (have it in my internal docs... but.. not sure who said it )
The error here is due to the status check mechanism that is implemented within. In general, when Intune tries to determine if the policy takes effect on the target device, it calls Get Operation of the interested OMA-URI, which basically queries the registry key value from the client. And then compare the result with the policy value.
The problem is that this CSP only supports Add Operation, which means the Get Operation will always fail because it has not been implemented. That's why we get the error even if it successfully applied.Did you, by any chance, read or heard when they will implement the Get? It kind of makes Intune Password Compliance Policy useless as we do not know what is compliance or not?
Thank you.
Don
Hi,
Just wondering ( I am setting up a test vm right now) did the problem users also tried to change their password themself on the device itself and trying to check the compliance status in the company app?I am missing the password type and password complexity in your screenshot? Or did you leave it on default?
And are the devices:
azure ad joined or domain/hybrid joined
Did you also disabled Windows Hello?
And did you also read the docs from microsoft about this topic
Policy CSP - DeviceLock - Windows Client Management | Microsoft Docs
The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.
Hi,
One user changed his password but, he is having the same issue.
The Password type setting is the default one.
The devices are joined to an Azure AD.
The Windows Hello for some of the devices is enabled and for some others disabled.
The password has a minimum of twelve characters, x1 Upper case, x1 Lower case, x1 number & x1 special character.
