Windows Passcode Profile fails
Problem
Unable to apply windows passcode profile policy.
Cause
This error happens if a Microsoft account is present on the devices.
Resolution
When passcode policy fails you need to check the following:
- Presence of any microsoft account.
- If the local user setting is altered.
Steps to verify the presence of any Microsoft account:
- Open Power-shell as admin in the machine on which the Passcode profile fails.
- Run the command Get-LocalUser | select * to get all the local user accounts.
- .Check the PrincipalSource of each entry, any entry with MicrosoftAccount or other domain account might be causing the issue.
- Passcode policy will not work on devices with Microsoft account. Learn more.
Steps to verify if local user setting is altered:
- In Windows search, type in lusrmgr.msc and open the top suggestion.
- You will be presented with a list of users and groups, click on each non-local user and check if User cannot change password field is unchecked. If not, kindly uncheck that.
Note: The policy fails for Microsoft local account, but for domain accounts(AD accounts), the setting in domain account precedes the applied MDM policy.