Intune Password Policy Precedence

Question

Hi All&nbsp;Having difficulty trying to figure out the following&nbsp;I have created a password policy on Intune for my MDM device (windows 10 pro)However, i notice that the more restrictive policies always take precedence.&nbsp;For exampleLocal machine has policy to expire user password every 5 days.On Intune the policy for password expiration is set to 10 days.Local machine password expiration policy will take effect.&nbsp;Likewise for option such as password length.&nbsp;I will like to ask ifi) is that the expected behavior?ii) is there anyway to force intune created policies onto the local device?&nbsp;Thanks in advance!Jimmy&nbsp;&nbsp;

harm_veenstra · Answer

The password policy only applies to local user accounts, not Azure AD accounts. For this you can check https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-worldwide

rudy_ooms_mvp · Answer

Hi good morningNormal when policies are pushed with intune the most restrictive one will win. But could you explaining the "local policy" part? do you have an hybrid environment/old gpo's which are pushing this setting?

harm_veenstra · Answer

If so, then you perhaps need to set ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP (https://www.anoopcnair.com/windows-10-mdm-csp-policies-override-group-policy-settings/)

iconoclast88 · Answer

Harm_Veenstra&nbsp;but what policy in intune changes the max password expiration for local accounts on cloud-only azure-joined pcs?&nbsp;&nbsp;

harm_veenstra · Answer

Does this work? https://howtomanagedevices.com/intune/2409/password-policies-using-intune/
Please click Mark as Best Response &amp; Like if my post helped you to solve your issue.This will help others to find the correct solution easily. It also closes the item.If one of the posts was helpful in other ways, please consider giving it a Like.

Forum Discussion

Intune Password Policy Precedence

5 Replies

Resources