Intune Password Policy Issue


Hey, good afternoon

We are setting up our Intune MDM to meet SOC 2 compliance, and the only issue I have run into so far is that, when checking the settings, I noticed the password policy is only enforcing on the PIN login and not the actual password to the account. Would this need to be configured to use a password instead of a PIN inside of O365? I was hoping we could set this up where the password policy is being enforced on the account login but have the option to use a PIN code to log in as well. The way it is being enforced, the policy is enforcing the PIN to act as a password and not a PIN.

:p sorry if that got confusing at the end

4 Replies

@jomurbach As the vision of Microsoft is to go passwordless, and with MFA and PIN this has been made possible, these are the new standards going forward. Still, the users get the option to switch between the password and PIN options on their own level while they are logging on to their Windows 10 devices.


@Pervaiz Dostiyar Thank you for the reply. As the option is currently available on my test laptops to switch between password/PIN, the issue is that the password policy is only affecting the PIN. I am assuming this will have to be changed in O365 so the Intune policy properly reflects. As it stands right now, the PIN is actually a password, and the actual password to log in to the laptop isn't being enforced and can be anything.


@jomurbach All the settings and policies could be done in the Azure or Intune section, and they will take effect on the system on Azure AD joined or registered devices.

jomurbach,

You need to disable WHFB from Auto Enrollment before enrolling the devices. For the devices that are already using a PIN, the article below explains how to remove PINs from them; you can push it using Intune PowerShell.

https://www.google.com/amp/s/www.slashadmin.co.uk/how-to-disable-pin-requirements-when-joining-windo...