Intune Password Policy Precedence

Hi All

Having difficulty trying to figure out the following.

I have created a password policy on Intune for my MDM device (Windows 10 Pro).

However, I notice that the more restrictive policies always take precedence.

For example:

Local machine has policy to expire user password every 5 days.

On Intune the policy for password expiration is set to 10 days.

Local machine password expiration policy will take effect.

Likewise for options such as password length.

I would like to ask:

i) Is that the expected behavior?

ii) Is there any way to force Intune-created policies onto the local device?

Thanks in advance!

Jimmy


3 Replies
The password policy only applies to local user accounts, not Azure AD accounts. For this you can check https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy?view=o365...

Hi, good morning

Normally, when policies are pushed with Intune, the most restrictive one will win. But could you explain the "local policy" part? Do you have a hybrid environment or old GPOs which are pushing this setting?
If so, then you perhaps need to set ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP (https://www.anoopcnair.com/windows-10-mdm-csp-policies-override-group-policy-settings/)
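
A read-only PowerShell check for the situation discussed in this thread, added here as an example and not posted by any participant: it lists the password values Intune delivered next to the local account policy in effect, and reports whether MDMWinsOverGP is set. The PolicyManager registry location, the DeviceLock value names and the English-locale `net accounts` labels are assumptions about the device.

```powershell
# Added example, not from the thread. Read-only; run on the enrolled Windows 10 device.
# Assumption: the Policy CSP stores MDM-delivered values under this PolicyManager key.
$base = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

function Get-MdmValue {
    param([string]$Area, [string]$Name)
    $path = Join-Path $base $Area
    if (-not (Test-Path $path)) { return $null }   # policy area never delivered by MDM
    (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-LocalAccountPolicy {
    # Effective local account policy. Assumption: English-locale labels from "net accounts".
    $policy = @{}
    foreach ($line in (net accounts)) {
        if ($line -match '^(?<key>[^:]+):\s+(?<value>.+)$') {
            $policy[$Matches['key'].Trim()] = $Matches['value'].Trim()
        }
    }
    $policy
}

$local = Get-LocalAccountPolicy
@(
    [pscustomobject]@{
        Setting = 'Password expiration (days)'
        Intune  = Get-MdmValue 'DeviceLock' 'DevicePasswordExpiration'
        Local   = $local['Maximum password age (days)']
    }
    [pscustomobject]@{
        Setting = 'Minimum password length'
        Intune  = Get-MdmValue 'DeviceLock' 'MinDevicePasswordLength'
        Local   = $local['Minimum password length']
    }
) | Format-Table -AutoSize

# Is a domain GPO a possible source of the stricter local value?
$domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
# 1 = MDM policy wins over the equivalent Group Policy; missing or 0 = default behaviour.
$mdmWins = Get-MdmValue 'ControlPolicyConflict' 'MDMWinsOverGP'
[pscustomobject]@{
    DomainJoined  = $domainJoined
    MDMWinsOverGP = if ($null -eq $mdmWins) { 'not set' } else { $mdmWins }
}
```

An empty Intune column means the device never received that setting, which points at assignment or sync rather than at a precedence conflict.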