Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Devices Non-compliant : Due to maximum minutes of inactivity before password is required

Visitor

Dear Everyone,

Today in two of our tenant, many of the daily syncing devices automatically got non-compliant due to "Due to maximum minutes of inactivity before password is required" property of Device Compliance policy.

 

Could someone help us to troubleshoot and get it resolved.

Thanks

7 Replies
I wouldn't rely on an unmonitored community to get support, try this instead: https://docs.microsoft.com/en-us/mem/get-support

@RomyNandi Hey. 

 

I have the same issue. A quick google search brought me to this forum. I currently have 5 laptops in Endpoint Manager showing "Maximum minutes of inactivity before password is required - Not Compliant"

 

Nothing changed on my part. More laptops are becoming Not Compliant as the day goes on. Not sure what's up. I'll keep monitoring it and comment back if it gets better or worse. Did you have any joy getting this resolved?

 

I'm getting the same across several tenants.... Did you figure out the solution?

 

@BJW Hey, no fix as yet. Devices seem to sit out of compliance for a couple of days and then move back into compliance. I am giving it a couple of weeks to see what state it is in then.

Following. Same issue. I have reported this issue to Microsoft.
I think I figured out the cause. The config policy to set the lock time was using an old ADMX based setting. I deleted that, and re-added using the setting catalog route. Once the setting started to route out to endpoints, they all started falling back into compliance.
https://www.anoopcnair.com/set-automatic-lock-screen-for-inactive-device-intune/
I believe I have worked out what my issue was at least. I have a config policy set up as per the post above. It allows you to set the inactive time to any time you wish in my case this is 10 minutes. Under the compliance policy > compliance settings > system security > Maximum minutes of inactivity before password is required, this option only lets you select time from a drop down of 1min, 5min, 15min, 1 hour etc... . I have amended the time in the config to 15 minutes to match the compliance policy until there is an option to set 10 minutes as a compliance policy.