Device Lock without Passcode

Iron Contributor

Hi All


We have a client who wishes to have the Windows Hello for Business / Device Passcode / PIN feature turned OFF and just use their AD credentials on the device.


Is it possible to still have the device lock after a period of inactivity?


Info greatly appreciated.



5 Replies

Hi Stuart


what you are looking for is available in the Device Restriction Policy in Intune:






Hi Buddy


When the Password (which we don't want) Device Restriction setting is set to Not Configured, the Maximum minutes of inactivity until screen locks setting is greyed out!





you wrote ...and just use their AD credentials on the device. So I thought you don't want WHfB but AD Creds are used to logon :-). In that case you could enforce Password and the inactivity timeout...


What are you trying to achieve exactly? No WHfB and AAD Creds without Password?




Hi There


Yep, sounds silly, I know but that's what they want:


  • No WHfB
  • No PIN / Passcode on the device
  • User signs in with current AD creds (synced to Azure AD)


Sorry for asking again. You write user signs in with current AD creds (synced to AAD). This is normal business username/password and no WHfB which means no Pin/Passcode/Bio, therefore you can enforce the password policy imho?! AD creds are username and password.
Maybe I‘m totally not getting the point but I think you are doing the normal way of logon which allows this policy.
Sorry if I start the discussion again.