Deploy Password Policies using Intune Configuration Profiles | Device Restriction

Let’s learn how to deploy password policies using Intune on Windows 10 devices. We use an Intune device restriction profile to deploy password policies to Intune-managed Windows 10 devices.

Steps to Configure Device Restrictions Password Policies

  • Log in to EndPoint.Microsoft.com
  • Navigate to Devices – Configuration Profiles – + Create Profile
  • Select Platform as Windows 10 and Later
  • Select Profile as Device Restrictions
  • Click on Create button
  • Enter the Name of the Intune Configuration Profile – HTMD Password Policy
  • Enter the Description – HTMD Password policy using Intune out of box configuration profiles
  • Click on Next button
  • Click on Password Section from Configuration Settings

NOTE! – Make sure none of the other settings are configured if you want to deploy only password policy.

  • Configure the password policies as per your security team's requirements
  • The following are the configurations which I selected for HTMD Password Policy
    • Password - Require
    • Required Password Type - Alphanumeric
    • Password Complexity - Numbers and Lowercase Letters Required
    • Minimum password length - 6
    • Number of sign-in failures before wiping device - 11
    • Password expiration (days) - 41

Event Logs

The following information might help you troubleshoot Intune password policy deployment.

  • Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordLength), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x6), Enrollment Type: (0x0), Scope: (0x0).

MDM PolicyManager: Set policy int, Policy: (AlphanumericDevicePasswordRequired), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordComplexCharacters), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x2), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (DevicePasswordEnabled), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0x0), Enrollment Type: (0x0), Scope: (0x0).
MDM PolicyManager: Set policy int, Policy: (MaxDevicePasswordFailedAttempts), Area: (DeviceLock), EnrollmentID requesting merge: (9A96DE87-65BD-437E-B915-14B601DAE840), Current User: (Device), Int: (0xB), Enrollment Type: (0x0), Scope: (0x0).

Registry Entries

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\9A96DE87-65BD-437E-B915-14B601DAE840\default\Device\DeviceLock
    • AlphanumericDevicePasswordRequired = 0
    • DevicePasswordEnabled = 0
    • MaxDevicePasswordFailedAttempts = 11
    • MinDevicePasswordComplexCharacters = 2
    • MinDevicePasswordLength = 6
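
One way to check on an enrolled device that these values arrived, as an added PowerShell example that is not part of the original post: it reads the DeviceLock values under every provider key, picks up the latest matching entries from the Admin log listed above, and compares both with the settings chosen earlier. The variable names and report columns are assumptions of this example.

```powershell
# Added example. Expected values are the HTMD Password Policy settings from this page;
# value meanings in the comments follow the Policy CSP DeviceLock area.
$Expected = [ordered]@{
    DevicePasswordEnabled              = 0   # 0 = device password enabled
    AlphanumericDevicePasswordRequired = 0   # 0 = alphanumeric required
    MinDevicePasswordComplexCharacters = 2   # 2 = numbers and lowercase letters
    MinDevicePasswordLength            = 6
    MaxDevicePasswordFailedAttempts    = 11  # logged as Int: (0xB)
}
$LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$Providers = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers'
$Pattern   = 'Policy: \((?<Policy>\w+)\), Area: \(DeviceLock\).*?Int: \((?<Int>0x[0-9A-Fa-f]+)\)'

# 1. Most recent value logged for each DeviceLock policy (Int is hexadecimal in the message).
$Logged = @{}
Get-WinEvent -LogName $LogName -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    ForEach-Object {
        if ($_.Message -match $Pattern) {
            $Logged[$Matches['Policy']] = [Convert]::ToInt32($Matches['Int'], 16)
        }
    }

# 2. Compare what each enrollment's provider key holds against the expected values.
$Report = foreach ($Provider in Get-ChildItem -Path $Providers -ErrorAction SilentlyContinue) {
    $Key = Join-Path $Provider.PSPath 'default\Device\DeviceLock'
    if (-not (Test-Path $Key)) { continue }
    $Values = Get-ItemProperty -Path $Key
    foreach ($Name in $Expected.Keys) {
        [pscustomobject]@{
            EnrollmentId = $Provider.PSChildName
            Policy       = $Name
            Expected     = $Expected[$Name]
            Registry     = $Values.$Name
            LastLogged   = $Logged[$Name]
            Match        = ($null -ne $Values.$Name) -and ($Values.$Name -eq $Expected[$Name])
        }
    }
}
$Report | Format-Table -AutoSize
```

A row with an empty Registry column means the setting never reached that enrollment's key, which is the case to chase in the Admin log.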


9 thoughts on “Deploy Password Policies using Intune Configuration Profiles | Device Restriction”

  1. Is there a way to change password policy but only have it apply the next time the user would normally have their passcode expire? We’re looking to move to a different passcode policy, but we’re hoping to not drop passcode changes on the entire company at once.

  2. As this works for Hello PIN only, if I disable Hello PIN there is no use.
    I want the policy for the user's main password.

  3. Hi, we have faced an issue on Hybrid Azure AD joined devices while triggering the Device Restriction Policy.

    Password expiration (days) Intune error: there are other standard users present who are not allowed to change their password.

    We have multiple users. Any suggestions on how to resolve this?
