Intune Password Policy Precedence

Hi All

Having difficulty trying to figure out the following:

I have created a password policy on Intune for my MDM device (Windows 10 Pro).

However, I notice that the more restrictive policies always take precedence.

For example:

Local machine has policy to expire user password every 5 days.

On Intune the policy for password expiration is set to 10 days.

Local machine password expiration policy will take effect. 

Likewise for options such as password length.

I would like to ask:

i) Is that the expected behavior?

ii) Is there any way to force Intune-created policies onto the local device?

Thanks in advance!

Jimmy

5 Replies

The password policy only applies to local user accounts, not Azure AD accounts. For this you can check https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy?view=o365...

Hi, good morning

Normally, when policies are pushed with Intune, the most restrictive one will win. But could you explain the "local policy" part? Do you have a hybrid environment/old GPOs which are pushing this setting?
If so, then you perhaps need to set ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP (https://www.anoopcnair.com/windows-10-mdm-csp-policies-override-group-policy-settings/)

@Harm_Veenstra But what policy in Intune changes the max password expiration for local accounts on cloud-only Azure-joined PCs?

Does this work? https://howtomanagedevices.com/intune/2409/password-policies-using-intune/



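
To see which password values are actually in force on a device before deciding whether a policy conflict exists, the sketch below compares the local security policy with the values configured in Intune. It is an added example, not code from any post in this thread. The function names are hypothetical, the sample lines are constructed to mirror the question (local expiry of 5 days, Intune set to 10), and the 8-character length is an assumed value.

```powershell
# Added example: compare the effective local password policy with the intended Intune values.
function Get-LocalPasswordPolicy {
    param([string[]]$InfLines)
    if (-not $InfLines) {
        # Live mode: export the effective security policy (needs an elevated prompt).
        $tmp = Join-Path $env:TEMP 'secpol-export.inf'
        secedit /export /cfg $tmp /areas SECURITYPOLICY | Out-Null
        $InfLines = Get-Content -Path $tmp
        Remove-Item -Path $tmp -Force
    }
    $policy = @{}
    foreach ($line in $InfLines) {
        # Anchored so that only lines beginning with the setting name are parsed.
        if ($line -match '^\s*(MaximumPasswordAge|MinimumPasswordLength)\s*=\s*(-?\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $policy
}

function Compare-PasswordPolicy {
    param([hashtable]$Effective, [hashtable]$Intended)
    foreach ($name in $Intended.Keys) {
        [pscustomobject]@{
            Setting   = $name
            Intended  = $Intended[$name]
            Effective = $Effective[$name]
            Differs   = ($Effective[$name] -ne $Intended[$name])
        }
    }
}

# Constructed sample in the format of a secedit export ([System Access] section).
$sample = @(
    '[System Access]',
    'MinimumPasswordAge = 0',
    'MaximumPasswordAge = 5',
    'MinimumPasswordLength = 8'
)
# Intended values: 10 days is from the question; the length of 8 is assumed.
$intended = @{ MaximumPasswordAge = 10; MinimumPasswordLength = 8 }

Compare-PasswordPolicy -Effective (Get-LocalPasswordPolicy -InfLines $sample) -Intended $intended |
    Format-Table -AutoSize
# On a real device, omit -InfLines to read the live policy instead of the sample.
```

A row with `Differs` set to True shows a setting where something other than the Intune profile is determining the effective value, which is the starting point for tracing it back to a local policy or GPO.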