By Anoop C Nair
Let's learn how to deploy password policies to Windows 10 devices using Intune. We use an Intune device restrictions profile to deploy password policies to Intune-managed Windows 10 devices.
Steps to Configure Device Restrictions Password Policies
- Log in to EndPoint.Microsoft.com
- Navigate to Devices – Configuration Profiles – + Create Profile
- Select Platform as Windows 10 and Later
- Select Profile as Device Restrictions
- Click on Create button
- Enter the Name of the Intune Configuration Profile – HTMD Password Policy
- Enter the Description – HTMD Password policy using Intune out of box configuration profiles
- Click on Next button
- Click on Password Section from Configuration Settings
NOTE! – Make sure none of the other settings are configured if you want to deploy only password policy.
- Let’s configure password policies as per your security team requirements
- The following are the configurations which I selected for HTMD Password Policy
- Password - Require
- Required Password Type - Alphanumeric
- Password Complexity - Numbers and Lowercase Letters Required
- Minimum password length - 6
- Number of sign-in failures before wiping device - 11
- Password expiration (days) - 41
Event Logs
The following information might help you to troubleshoot Intune password policies deployment.
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordLength), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x6), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (AlphanumericDevicePasswordRequired), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordComplexCharacters), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x2), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (DevicePasswordEnabled), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MaxDevicePasswordFailedAttempts), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0xB), Enrollment Type: (0x0), Scope: (0x0).
Registry Entries
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\9A96DE87-65BD-437E-B915-14B601DAE840\default\Device\DeviceLock
- AlphanumericDevicePasswordRequired = 0
- DevicePasswordEnabled = 0
- MaxDevicePasswordFailedAttempts = 11
- MinDevicePasswordComplexCharacters = 2
- MinDevicePasswordLength = 6
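The check below is an added example, not code from the original article: it parses the PolicyManager event messages shown above, converts the hex Int value to decimal, and compares each DeviceLock policy with the values configured for the HTMD Password Policy. The function names are hypothetical, and mapping "Password expiration (days)" to the DeviceLock CSP policy DevicePasswordExpiration is an assumption; that policy is not among the events or registry values listed on this page, so the sample run reports it as NotInEvents.

```powershell
# Baseline for the HTMD Password Policy (decimal values), from the settings on this page.
$Baseline = [ordered]@{
    DevicePasswordEnabled              = 0   # DeviceLock CSP: 0 = enabled, 1 = disabled
    AlphanumericDevicePasswordRequired = 0   # 0 = password or alphanumeric PIN required
    MinDevicePasswordComplexCharacters = 2   # 2 = digits and lowercase letters
    MinDevicePasswordLength            = 6
    MaxDevicePasswordFailedAttempts    = 11
    DevicePasswordExpiration           = 41  # assumed CSP name for "Password expiration (days)"
}

function ConvertFrom-PolicyManagerMessage {
    # Pull Policy, Area and the hex Int out of one "Set policy int" event message.
    param([string]$Message)
    $pattern = 'Set policy int, Policy: \((?<Policy>\w+)\), Area: \((?<Area>\w+)\),.*?Int: \((?<Int>0x[0-9A-Fa-f]+)\)'
    if ($Message -cmatch $pattern) {
        [pscustomobject]@{
            Policy = $Matches['Policy']
            Area   = $Matches['Area']
            Value  = [Convert]::ToInt32($Matches['Int'], 16)   # events log hex: 0xB -> 11
        }
    }
}

function Compare-DeviceLockPolicy {
    # Report, per baseline policy, whether the events show the expected value.
    param([string[]]$Messages, [System.Collections.IDictionary]$Expected)
    $applied = @{}
    foreach ($m in $Messages) {                      # pass messages oldest first; the last one wins
        $p = ConvertFrom-PolicyManagerMessage -Message $m
        if ($p -and $p.Area -eq 'DeviceLock') { $applied[$p.Policy] = $p.Value }
    }
    foreach ($name in $Expected.Keys) {
        if (-not $applied.ContainsKey($name)) { $status = 'NotInEvents' }
        elseif ($applied[$name] -eq $Expected[$name]) { $status = 'Match' }
        else { $status = 'Mismatch' }
        [pscustomobject]@{ Policy = $name; Expected = $Expected[$name]; Applied = $applied[$name]; Status = $status }
    }
}

# Constructed sample input: the five event messages from this page, rebuilt from one template.
$template = 'MDM PolicyManager: Set policy int, Policy: ({0}), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: ({1}), Enrollment Type: (0x0), Scope: (0x0).'
$sample = @(
    ($template -f 'MinDevicePasswordLength', '0x6'),
    ($template -f 'AlphanumericDevicePasswordRequired', '0x0'),
    ($template -f 'MinDevicePasswordComplexCharacters', '0x2'),
    ($template -f 'DevicePasswordEnabled', '0x0'),
    ($template -f 'MaxDevicePasswordFailedAttempts', '0xB')
)
Compare-DeviceLockPolicy -Messages $sample -Expected $Baseline | Format-Table -AutoSize
```

On a managed device, replace `$sample` with the Message property of the events returned by `Get-WinEvent` for the log named above, sorted by TimeCreated so the oldest comes first.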
Resources
- https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure
- https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10
- https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock
- Create Deploy Group Policy Using Intune Administrative Template
Ref: https://howtomanagedevices.com/intune/2409/password-policies-using-intune/