Windows Passcode Profile fails

Problem

Unable to apply the Windows passcode profile policy.

Cause

This error occurs if a Microsoft account is present on the device.

Resolution

When the passcode policy fails, check the following:

  1. Whether any Microsoft account is present.
  2. Whether the local user setting has been altered.

Steps to verify the presence of any Microsoft account:

  1. Open PowerShell as admin on the machine on which the Passcode profile fails.
  2. Run the command Get-LocalUser | select * to get all the local user accounts.
  3. Check the PrincipalSource of each entry; any entry with MicrosoftAccount or another domain account might be causing the issue.
  4. Passcode policy will not work on devices with a Microsoft account.

Steps to verify if the local user setting is altered:

  1. In Windows search, type in lusrmgr.msc and open the top suggestion.
  2. You will be presented with a list of users and groups. Click each non-local user and check whether the User cannot change password field is unchecked. If it is not, uncheck it.

Note: The policy fails for a Microsoft local account, but for domain accounts (AD accounts), the setting in the domain account takes precedence over the applied MDM policy.
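
Both checks above can be run in one pass from the same elevated PowerShell session. The script below is an added example, not part of the original article or the vendor's tooling; the function name Get-PasscodePolicyBlocker is hypothetical, and it assumes Windows 10 or later, where Get-LocalUser reports PrincipalSource.

```powershell
# Added example: audit local accounts for the two conditions described above.
# Read-only; run in an elevated PowerShell session on the affected device.

function Get-PasscodePolicyBlocker {   # hypothetical helper name
    [CmdletBinding()]
    param()

    foreach ($user in Get-LocalUser) {
        $findings = @()

        # Check 1: account is not sourced locally
        # (PrincipalSource values: Local, MicrosoftAccount, ActiveDirectory, AzureAD, Unknown)
        if ($null -eq $user.PrincipalSource) {
            $findings += 'PrincipalSource not reported on this OS version'
        }
        elseif ($user.PrincipalSource -ne 'Local') {
            $findings += "PrincipalSource is $($user.PrincipalSource)"
        }

        # Check 2: "User cannot change password" is ticked in lusrmgr.msc
        if (-not $user.UserMayChangePassword) {
            $findings += 'User cannot change password is set'
        }

        [pscustomobject]@{
            Name                  = $user.Name
            Enabled               = $user.Enabled
            PrincipalSource       = $user.PrincipalSource
            UserMayChangePassword = $user.UserMayChangePassword
            Findings              = $findings -join '; '
        }
    }
}

$report = Get-PasscodePolicyBlocker

# Full picture of every local account
$report | Format-Table -AutoSize -Wrap

# Only the accounts that need review before re-applying the passcode profile
$report | Where-Object { $_.Findings } | Select-Object Name, Findings

# After reviewing an account, the checkbox can be cleared from PowerShell
# (same effect as unchecking it in lusrmgr.msc); the account name is a placeholder:
# Set-LocalUser -Name '<account-name>' -UserMayChangePassword $true
```

Accounts that appear in the second table are the ones to review before re-applying the profile.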