InTune (Microsoft): Password check

Password check

Here are step by step instructions for Intune (Mac and PC) for Password acceptanceAfter confirming you are set up correctly, an integration sync is required (or wait until the nightly sync)

Password:

Please make sure that you have added the Device Configuration Profile.

Windows:

If Screen Lock Check has been configured:

  1. Go to https://endpoint.microsoft.com/
  2. Click on "Devices" from left sidebar menu.
  3. On "Devices" page menu, Scroll down the inner sidebar to "Policy" section and click on "Configuration Profiles".
  4. Find the previously created "Session Timeout" and access the profile.
  5. In "Configuration Settings" tab, scroll down to "Password" and expand it. Set the value for following checkboxes as below:
    • Password => Require
    • Minimum password length => 8
    • Required password type => Alphanumeric
    • Password complexity => Select either: "Numbers, lowercase and uppercase letters required" or "Numbers, lowercase and uppercase letters required and special characters required"
  6. Click "Next".
  7. In "Assignments" tab, In "Included groups" section, click "Add all devices", and click "Next".
  8. If "Applicability Rules" appears skip and finalize change. 

If Screen Lock check has not been configured:

  1. Go to https://endpoint.microsoft.com/
  2. Click on "Devices" from left sidebar menu.
  3. On "Devices" page menu, Scroll down the inner sidebar to "Policy" section and click on "Configuration Profiles".
  4. Click "Create Profile".
  5. In "Platform dropdown", select "Windows 10 and later" option.
  6. In "Profile type" select "Templates" option.
  7. Select "Device Restrictions" from Template names section and click create button.
  8. Name your policy as "Windows Password Enforcement", provide any description(optional) and click "Next".
  9. In "Configuration Settings" tab, scroll down to "Password" and expand it. Set the value for following checkboxes as below:
    • Password => Require
    • Minimum password length => 8
    • Required password type => Alphanumeric
    • Password complexity => Select either: "Numbers, lowercase and uppercase letters required" or "Numbers, lowercase and uppercase letters required and special characters required"
  10. Click "Next".
  11. In "Assignments" tab, In "Included groups" section, click "Add all devices", and click "Next".
  12. Skip the "Applicability Rules" and click "Create" button. 

Mac:

  1. Go to https://endpoint.microsoft.com/
  2. Click on "Devices" from left sidebar menu.
  3. On "Devices" page menu, Scroll down the inner sidebar to "Policy" section and click on "Configuration Profiles".
  4. Click "Create Profile".
  5. In "Platform dropdown", select "macOS" option.
  6. In "Profile type" select "Templates" option.
  7. Select "Device Restrictions" from Template names section and click create button.
  8. Name your policy as "Password Enforcement", provide any description(optional) and click "Next".
  9. In "Configuration Settings" tab, scroll down to "Password" and expand it. Set the value for following checkboxes as below:
    • Password => Require
    • Minimum password length => 8
    • Required password type => Alphanumeric
    • Number of non-alphanumeric characters in password (special characters) => 1 or greater
  10. Click "Next".
  11. In "Assignments" tab, In "Included groups" section, click "Add all devices", and click "Next".
  12. Skip the "Applicability Rules" and click "Create" button.

Note: Intune's API does not allow us to pull password policy status for Linux devices. Upload a screenshot showing this setting applied and click “ ignore” on the respective failing Linux test results.

Helpful resources

Additional considerations on endpoint security, including device scoping, can be found here.

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.