Event details
Greetings team;
Subject: Compliance Policies: Platform (Windows 10 and later): Profile type (Windows 10/11 compliance policy)
Question: Why are we presented with the option of not choosing a mobile platform by choosing "Windows 10 and later" only to not be presented with any options for Windows 10 under System Security? What I mean is, after specifically choosing the platform appropriate to the OS running on our devices, why am I forced to choose "Require a password to unlock Mobile devices" under System Security just to unlock the other fields for Minimum password length, etc? I mean I specifically chose a non-mobile platform expecting to configure settings for Windows 10/11, not "mobile devices". Please explain. Thx
- Jason_Sandys
Microsoft
Hi stdcsb,
The word "mobile" here is a bit misleading as it does not refer to third-party mobile devices but rather Windows mobile devices like Windows Phone and Windows Hololens. Thus, it's mostly an artifact left over from our support of these now legacy device types and has no applicability to Windows desktop devices.
What's your goal or expected end result on the devices in question?
Hi Jason_Sandys, thanks for engaging on my question,
I'm fairly new to my current employer and what I am finding is variables and values for Windows password complexity and enabling Windows Hello are showing up in several different locations and I'm trying to shift those into one place and thought the Compliance Polity might be the logical place to manage these things. Thoughts?- Jason_Sandys
Compliance (in Intune) is specific to settings that are local to the device or the OS instance itself so unless you are wanting to confirm compliance of password complexity for local accounts on the device, these settings won't help.
Password complexity and measurements for non-local accounts (like Entra) are enforced by the IdP (Entra ID for Entra accounts). I strongly suggest moving to a passwordless strategy though and not worrying about password complexity -- it sounds like you may have already started this journey.
Also, keep in mind that compliance is not necessarily configuration. In some cases, configuring compliance in Intune will also enforce settings, but that is not the primary purpose and this only happens with a few settings (like BitLocker). Even for settings where it does enforce a setting, it's best to use configuration policies to actual configure and enforce the settings. For Windows Hello for Business, start here: Configure a tenant-wide Windows Hello for Business policy with Microsoft Intune - Microsoft Intune | Microsoft Learn
