- #Set up a new password policy windows 10#
- #Set up a new password policy password#
- #Set up a new password policy windows 8#
In this way it can truthfully report whether the device is compliant to the policy.
#Set up a new password policy password#
The only way it can be sure it complies is to force you to change it, and the new password must meet the policy requirements. The reason is that the policy doesn’t know if the currently set password meets the requirements of the policy. When password length and complexity rules are applied, all the control user and administrator accounts are marked to change the password at the next sign in to ensure complexity requirements are met.Īll you have to do is enable a password policy and some default values will get set for password length and complexity, and these polices will require that a local administrator account change its password at next logon. Reading through the documentation, you come across this little nugget:
#Set up a new password policy windows 8#
Under the hood, this is using the Exchange Active Sync policy engine to set the password policies, which was created back in the Windows 8 era to enforce some security policies on devices that sync with Exchange. So why does this happen? Well, when Intune sets a password policy it uses the DeviceLock policies in the Policy CSP. I noticed that our password rotation solution was failing on recently deployed Azure AD-joined devices, after we enabled the baseline.
#Set up a new password policy windows 10#
Later I came across this again when rolling out the Windows 10 security baseline in Intune, which by default has a password policy. Compliance policies created in the new portal in Azure override the policies in the old portal, but since no new compliance policy was created for Windows 10, the old policy was still in effect and was causing this issue. After some lengthy investigation with Microsoft, we discovered there was a compliance policy created in the old Silverlight Intune portal (which we could no longer access) and targeted to these users that was setting a password policy.
Our password rotation solution would fail to rotate the password on the local admin account on some machines.
I first came across this issue when doing Windows Autopilot deployments. If you regular rotate the password for the local administrator account using a LAPS solution, for example, this becomes a right royal pain because password rotation will fail due to the requirement to change the password at next logon.
0 kommentar(er)
