Not all Android devices will be guaranteed to prompt for password creation if you have left the required password type as “device default”. Also, if set inside a Device compliance policy, these devices may still show as compliant. In the future, Intune will be removing this value to prevent the creation of policies that may not act as expected. To prevent inconsistent behaviors in policies created prior to the Intune removal, edit your profiles and policies to select a different password type. Hybrid (Intune with Configuration Manager) customers do not need to take any action.
Note that if you select “any” or “required” as password types, a biometric password will be acceptable. To enforce additional password values such as Minimum password length, choose one of the numeric or alphanumeric password types.
These password configurations are currently located in these locations:
Device configuration > Profiles > Android device restrictions profile > Password tab
Device configuration > Profiles > Android enterprise, Work profile only device restriction profile > Work profile settings tab
Device configuration > Profiles > Android enterprise, Work profile only device restriction profile > Device password tab
Device configuration > Profiles > Android enterprise, Device Owner only device restriction profile > Device password tab
Device compliance > Policies > Android policy > System Security tab
Device compliance > Policies > Android enterprise policy > System Security tab
In addition to removing the “device default” value this fall, we will be making slight changes to align the controls between the different areas in the portal. Customers who currently have profiles or policies with “device default” will see communications in the Office Message Center about the need to modify this value and more definitive timelines on enforcement. Let us know if you have any questions!