Connecting to Azure MDM causes the password of Local Administrator user account to expire

%3CLINGO-SUB%20id%3D%22lingo-sub-1859835%22%20slang%3D%22en-US%22%3EConnecting%20to%20Azure%20MDM%20causes%20the%20password%20of%20Local%20Administrator%20user%20account%20to%20expire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1859835%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20facing%20a%20strange%20issue%2C%26nbsp%3B%20when%20connecting%20to%20Azure%20MDM.%20The%20password%20of%20a%20local%20user%20account%20who%20is%20a%20part%20of%20Administrators%20group%20is%20forced%20to%20expire.%26nbsp%3B%3C%2FP%3E%3CP%3EBelow%20are%20the%20steps%20to%20reproduce%20the%20Issue%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Set%20up%20a%20Device%20restriction%20profile%20in%20endpoint%20portal%20under%20Configuration%20Profiles%3C%2FP%3E%3CP%3E2.%20Just%20select%20%22Password%22%20as%20required%20and%20leave%20other%20settings%20to%20default%20values%20(refer%20attachment)%3C%2FP%3E%3CP%3E3.%20Assign%20the%20profile%20to%20All%20Users%3C%2FP%3E%3CP%3E4.%20Connect%20a%20Windows%2010%20Machine%20to%20MDM%3C%2FP%3E%3CP%3E5.%20Sign%20out%20and%20login%20using%20a%20local%20user%20account%20(part%20of%20administrators%20group)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20can%20be%20noticed%20that%20the%20user%20is%20prompted%20to%20change%20the%20password.%20(refer%20attachment)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20also%20attached%20MDMDiagReport%20for%20reference.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eany%20help%20regarding%20this%20is%20much%20appreciated%2C%20Thanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1859835%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1871612%22%20slang%3D%22en-US%22%3ERe%3A%20Connecting%20to%20Azure%20MDM%20causes%20the%20password%20of%20Local%20Administrator%20user%20account%20to%20expire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1871612%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20wondering%20but%20maybe%20the%20password%20is%20not%20expired%20but%20maybe%20the%20password%20does%20not%20meet%20the%20complexity%20requirements%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EMinDevicePasswordComplexCharacters%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3E3%20-%20Digits%2C%20lowercase%20letters%2C%20and%20uppercase%20letters%20are%20required.%20Not%20supported%20in%20desktop%20Microsoft%20accounts%20and%20domain%20accounts.%3C%2FLI%3E%3CLI%3E%3CSPAN%3ELocal%20accounts%20support%20values%20of%201%2C%202%2C%20and%203%2C%20however%20they%20always%20enforce%20a%20value%20of%203.%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E
Senior Member

We are facing a strange issue,  when connecting to Azure MDM. The password of a local user account who is a part of Administrators group is forced to expire. 

Below are the steps to reproduce the Issue

 

1. Set up a Device restriction profile in endpoint portal under Configuration Profiles

2. Just select "Password" as required and leave other settings to default values (refer attachment)

3. Assign the profile to All Users

4. Connect a Windows 10 Machine to MDM

5. Sign out and login using a local user account (part of administrators group)

 

It can be noticed that the user is prompted to change the password. (refer attachment)

 

I have also attached MDMDiagReport for reference.

 

any help regarding this is much appreciated, Thanks in advance

 

1 Reply

Just wondering but maybe the password is not expired but maybe the password does not meet the complexity requirements? 

 

MinDevicePasswordComplexCharacters

  • 3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts.
  • Local accounts support values of 1, 2, and 3, however they always enforce a value of 3.