u/aPieceOfMindShit

▲ 1 r/Intune

Android Fully Managed and Corporate-Owned with Work Profile password issues

Hi all,

We suddenly started seeing a large number of Android Enterprise devices becoming non-compliant in Intune on password-related settings.

Environment:

  • Microsoft Intune
  • Samsung devices only
  • Android Enterprise
  • Mix of Fully Managed and Corporate-Owned with Work Profile (COPE)
  • Android versions ranging from Android 12 up to Android 16

The issue appeared suddenly without major policy changes.

In the Device Configuration Profiles, Fully Managed devices are showing errors on:

  • Device password: Number of sign-in failures before wiping device
  • Device password: Required password type
  • Device password: Number of passwords required before user can reuse a password
  • Device password: Minimum password length
  • Device password: Number of days until password expires

In the Device Configuration Profiles, COPE devices are showing errors on:

  • Device password: Number of sign-in failures before wiping device
  • Device password: Required password type
  • Device password: Number of passwords required before user can reuse a password
  • Device password: Minimum password length
  • Device password: Number of days until password expires

And additionally on:

  • Work Profile password: Number of days until password expires
  • Work Profile password: Minimum password length
  • Work Profile password: Number of passwords required before user can reuse a password
  • Work Profile password: Required password type
  • Work Profile password: Number of sign-in failures before wiping device

As a result, both device types are becoming non-compliant on these compliance requirements:

  • Required password type
  • Number of passwords required before user can reuse a password
  • Number of days until password expires
  • Minimum password length

The most interesting part:

  • After the user manually changes their PIN/password, the device becomes compliant again.
  • However, users are NOT getting any prompts or notifications from Android/Intune that a password change is required.
  • So the remediation is currently completely manual.

All other configuration settings deploy successfully. Only password-related settings are failing.

Has anyone else seen this recently? Any known fixes or recommended changes for this?

reddit.com
u/aPieceOfMindShit — 16 hours ago

▲ 7 r/Intune

We have a lot of personal / BYOD devices enrolled in our Intune environment.

Why?

No one knows. We are a MAM-only company. We don't even have any iOS or Android device configuration...

Did a test to retire an iOS and Android device. It worked like a charm.

But still I'm very anxious to retire 35 iOS devices and 25 Android devices.

Can anybody help me ease my mind?

Any risk? Did it ever fail? Or wipe too much?

I'm so afraid it will accidentally wipe the full device or erase some user data.

Oh, and yes, we have now blocked the personal enrollment option at last. Don't be too hard on me, I inherited this pile of garbage.

reddit.com
u/aPieceOfMindShit — 15 days ago