Device Lock without Passcode

Iron Contributor

Hi All

 

We have a client who wishes to have the Windows Hello for Business / Device Passcode / PIN feature turned OFF and just use their AD credentials on the device.

 

Is it possible to still have the device lock after a period of inactivity?

 

Info greatly appreciated.

 

Stuart

5 Replies

Hi Stuart

 

what you are looking for is available in the Device Restriction Policy in Intune:

 

DeviceRestrictionLock.png

 

best,

Oliver

Hi Buddy

 

When the Password (which we don't want) Device Restriction setting is set to Not Configured, the Maximum minutes of inactivity until screen locks setting is greyed out!

 

Stuart

Hi,

 

you wrote ...and just use their AD credentials on the device. So I thought you don't want WHfB but AD Creds are used to logon :-). In that case you could enforce Password and the inactivity timeout...

 

What are you trying to achieve exactly? No WHfB and AAD Creds without Password?

 

best,

Oliver

Hi There

 

Yep, sounds silly, I know but that's what they want:

 

  • No WHfB
  • No PIN / Passcode on the device
  • User signs in with current AD creds (synced to Azure AD)

Stuart

Sorry for asking again. You write user signs in with current AD creds (synced to AAD). This is normal business username/password and no WHfB which means no Pin/Passcode/Bio, therefore you can enforce the password policy imho?! AD creds are username and password.
Maybe I‘m totally not getting the point but I think you are doing the normal way of logon which allows this policy.
Sorry if I start the discussion again.

Best,
Oliver