We have a client who wishes to have the Windows Hello for Business / Device Passcode / PIN feature turned OFF and just use their AD credentials on the device.
Is it possible to still have the device lock after a period of inactivity?
When the Password (which we don't want) Device Restriction setting is set to Not Configured, the Maximum minutes of inactivity until screen locks setting is greyed out!
you wrote ...and just use their AD credentials on the device. So I thought you don't want WHfB but AD Creds are used to logon :-). In that case you could enforce Password and the inactivity timeout...
What are you trying to achieve exactly? No WHfB and AAD Creds without Password?
Sorry for asking again. You write user signs in with current AD creds (synced to AAD). This is normal business username/password and no WHfB which means no Pin/Passcode/Bio, therefore you can enforce the password policy imho?! AD creds are username and password. Maybe I‘m totally not getting the point but I think you are doing the normal way of logon which allows this policy. Sorry if I start the discussion again.
