Deploy Password Policies using Intune Configuration Profiles | Device Restriction

Deploy Password Policies using Intune Configuration Profiles

Let’s learn how to deploy password policies using Intune on Windows 10 devices. We use Intune device restriction profile to deploy password policies for Intune managed Windows 10 devices.

Steps to Configure Device Restrictions Password Policies

  • Login to EndPoint.Microsoft.com
  • Navigate to Devices – Configuration Profiles – + Create Profile
  • Select Platform as Windows 10 and Later
  • Select Profile as Device Restrictions
  • Click on Create button
Deploy Password Policies using Intune Configuration Profiles
Deploy Password Policies using Intune Configuration Profiles
  • Enter the Name of the Intune Configuration Profile – HTMD Password Policy
  • Enter the Description HTMD Password policy using Intune out of box configuration profiles
  • Click on Next button
  • Click on Password Section from Configuration Settings

NOTE! – Make sure none of the other settings are configured if you want to deploy only password policy.

Deploy Password Policies using Intune Configuration Profiles
Deploy Password Policies using Intune Configuration Profiles
  • Let’s configure password policies as per your security team requirements
  • The following are the configurations which I selected for HTMD Password Policy
Password - Require
Required Password Type - Alphanumeric
Password Complexicity - Numbers and Lowercase Letters Required
Minimum password length - 6
Number of sign-in failures before wiping device - 11
Password expiration (days) - 41
Deploy Password Policies using Intune Configuration Profiles

Event Logs

The following information might help you to troubleshoot Intune password policies deployment.

  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordLength), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x6), Enrollment Type: (0x0), Scope: (0x0).

Deploy Password Policies using Intune Configuration Profiles
Deploy Password Policies using Intune Configuration Profiles
MDM PolicyManager: Set policy int, Policy: (AlphanumericDevicePasswordRequired), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordComplexCharacters), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x2), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (DevicePasswordEnabled), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MaxDevicePasswordFailedAttempts), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0xB), Enrollment Type: (0x0), Scope: (0x0).
Deploy Password Policies using Intune Configuration Profiles

Registry Entries

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\9A96DE87-65BD-437E-B915-14B601DAE840\default\Device\DeviceLock
    • AlphanumericDevicePasswordRequired = 0
    • DevicePasswordEnabled = 0
    • MaxDevicePasswordFailedAttempts = 11
    • MinDevicePasswordComplexCharacters = 2
    • MinDevicePasswordLength = 6

Video Deploy Password Policies using Intune

Deploy Password Policies using Intune

Resources

1 thought on “Deploy Password Policies using Intune Configuration Profiles | Device Restriction”

Leave a Comment

Your email address will not be published. Required fields are marked *