Forum Discussion
reditguy
Jan 18, 2019Iron Contributor
Intune password policy issues
Hi, we have been having issues with Compliance and Configuration policies, and Device Compliance. We initially had a password policy of minimum 12 characters, require 1 non-alphanumeric password...
zjudd
Mar 03, 2023Copper Contributor
3 years later, and I seem to be running into the same issue. Thanks for the suggestion - I will try this and report back if it works. As I know that the user had a Windows Live ID tied in addition to her work account.
UniverseCtz3n
May 16, 2023Copper Contributor
Same here...I've got BYOD devices and users that are signed-in to MS Live ID and Intune can't correctly check password compliance.
Edit
I figured it out! EventViewer logs led me to checkout DeviceLock Policy CSP.
I went to MinDevicePasswordComplexCharacters CPS docs and what I found is:
Account Type | Supported Values | Actual Enforced Values |
Local Accounts | 1,2,3 | 3 |
Microsoft Accounts | 1,2 | <p2 |
Domain Accounts | Not supported | Not supported |
Where allowed values:
Value | Description |
1 (Default) | Digits only. |
2 | Digits and lowercase letters are required. |
3 | Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. |
4 | Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop. |
When I created a compliance policy with Password Complexity set to Require digits and lowercase letters, I was asked to update Windows Hello PIN to comply with this complexity and policy was evaluated successfully.