Forum Discussion

GeorgeGrammatikos's avatar
GeorgeGrammatikos
MCT
May 02, 2021
Solved

-2016281112 (Remediation failed) - Minimum Password Length

Hi all,    I have been applied the Intune policy about minimum password length, to more than 100 clients but for 20 of them.  My password policy has a minimum of twelve characters, one Upper case,...
Intune
mobile device management (mdm)
  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    May 05, 2021

    GeorgeGrammatikos 

     

    Hi

     

    So even only specifying: Require 

    Password type --> Default

    Minimum password --> 8 

     

    Is  giving you non compliant errors in a new device compliance policy

     

Rudy_Ooms_MVP's avatar
Rudy_Ooms_MVP
MVP
May 03, 2021

Hi,

Just wondering ( I am setting up a test vm right now) did the problem users also tried to change their password themself on the device itself and trying to check the compliance status in the company app?

 

I am missing the password type and password complexity in your screenshot? Or did you leave it on default?

 

 

And are the devices: 

 

azure ad joined or domain/hybrid joined

 

Did you also disabled Windows Hello?

 

And did you also read the docs from microsoft about this topic

 

Policy CSP - DeviceLock - Windows Client Management | Microsoft Docs

 

The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.

GeorgeGrammatikos's avatar
GeorgeGrammatikos
MCT
May 03, 2021

Rudy_Ooms_MVP 

Hi,

 

One user changed his password but, he is having the same issue.
The Password type setting is the default one.
The devices are joined to an Azure AD.
The Windows Hello for some of the devices is enabled and for some others disabled.
The password has a minimum of twelve characters, x1 Upper case, x1 Lower case, x1 number & x1 special character.

  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    May 04, 2021

    GeorgeGrammatikos 

     

    Hi. As you know I sent you a private message with some tips.

    For anyone else reading this question:

     

     

    Hi, 

     

    I guess when I need to troubleshoot this. I would change one setting at a time.

     

    If you take a look at the Microsoft doc I linked to...  

    *

     

     

     

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/38371480-intune-device-profile...

     

    I guess you have got 2 options.

     

    *Remove that part of the compliance policy as it is not working (uservoice says the same?)

    *Change the password compliance policy to require only 8 characters and digits and lowercase

    characters --> check if that works

     

    if it works -->  add uppercase

    if that works --> change policy to 12 

    If that works --> add complexity requirement

     

    Also beware Users with passwords that meet the requirement are still prompted to change their passwords.

    I know it can take a lot of time... but troubleshooting always does 😞 ..

    • GeorgeGrammatikos's avatar
      GeorgeGrammatikos
      MCT
      May 05, 2021
      Hi,

      I tried all the ways, but I'm still getting the device as non-compliant, and the error message is the same. I also test it with the assigned compliance policy without any result.
      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        May 05, 2021

        GeorgeGrammatikos 

         

        Hi

         

        So even only specifying: Require 

        Password type --> Default

        Minimum password --> 8 

         

        Is  giving you non compliant errors in a new device compliance policy

         

Resources