Forum Discussion
Intune password policy issues
reditguy I had a similar issue with a BYOD device and Intune. After speaking with Intune support, it transpires that Intune is currently unable to evaluate the password strength for Windows Live ID accounts if you log in with those. The suggested workaround is to create a local account and log in with that, and link the WLID account.
- UniverseCtz3n, May 16, 2023, Copper Contributor
Same here... I've got BYOD devices and users that are signed in to MS Live ID and Intune can't correctly check password compliance.
Edit
I figured it out! Event Viewer logs led me to check out the DeviceLock Policy CSP.
I went to the CSP docs at https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock?WT.mc_id=Portal-fx#mindevicepasswordcomplexcharacters and what I found is:
| Account Type | Supported Values | Actual Enforced Values |
|---|---|---|
| Local Accounts | 1,2,3 | 3 |
| Microsoft Accounts | 1,2 | <p2 |
| Domain Accounts | Not supported | Not supported |

Where allowed values:

| Value | Description |
|---|---|
| 1 | (Default) Digits only. |
| 2 | Digits and lowercase letters are required. |
| 3 | Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. |
| 4 | Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop. |

When I created a compliance policy with Password Complexity set to Require digits and lowercase letters, I was asked to update the Windows Hello PIN to comply with this complexity and the policy was evaluated successfully.