Forum Discussion
Windows Password requirements are applying to PIN requirements
- Thanks Kurt for the information. This was, possibly, due to someone "whose title we shalt not utter". Enabled the WHFB PIN configuration on the tenancy and disabled it.
After research, it was determined that once enabled for a tenant the configuration takes effect immediately and implemented. And, if disabled, the configuration cannot be removed. The only option, was to enable the PIN in Enrollment settings and configure.
Microsoft Documentation states the Auto-enrollment PIN configuration Precedence: WHFB, GPO, then device
Take a look if you have a Device Configuration Profile for Hello defined. That's another place where the PIN policy can be set. Also, you only have WHFB "Not Configured" which means "leave things at their default." It's possible someone went in earlier and set the policy values before flipping it back to "Not Configured" and hence a complex PIN requirement has been previously set.
Try to explicitly "Disable" the WHFB policy if you don't want it on. You may need to temporarily "Enable" it so you can go in and change the "Special Characters in PIN" to "Not Allowed" or whatever else you want to set before saving the policy.
If you previously had a PIN policy set via GPO, the Intune CSP should take effect and supplant it.
A fallback option could be to try setting these registry keys via script to reduce PIN complexity: Change PIN Complexity Requirements Policy in Windows 10 | Password Recovery (top-password.com).
Please like or mark this thread as answered if it's helpful, thanks!
After research, it was determined that once enabled for a tenant the configuration takes effect immediately and implemented. And, if disabled, the configuration cannot be removed. The only option, was to enable the PIN in Enrollment settings and configure.
Microsoft Documentation states the Auto-enrollment PIN configuration Precedence: WHFB, GPO, then device