We're starting to use Intune-managed laptops at my job, and as users are getting set up, we're asking them to create passwords for their Entra accounts. While some users have no issue, others are facing frustrating problems with password creation. One user tried both a 14-character and a 17-character password, including various capital and lowercase letters, numbers, and punctuation, but everything gets rejected with a message indicating the password isn't complete enough. I found a guideline that says passwords must have at least 8 characters and include 3 of the following 4 criteria: lowercase letters, uppercase letters, numbers, and punctuation. However, I can't seem to find a clear explanation for this issue. Can anyone help me understand what's going on?
3 Answers
One common mistake is users including parts of their usernames or names in their passwords, which can get automatically rejected. Just a thought!
Just a heads-up, any word in the banned password dictionary counts as one character. For instance, using something like 'Pa$$Wo1d' might seem like it meets the criteria, but it can get rejected because of those banned elements. You might want to check the article on password policies for more details: [Microsoft Entra ID Password Policy](https://learn.microsoft.com/en-us/enchantment).
Oh, wow. This is way more complex than I thought! Thanks for the link; I revisited the password rules article, and it definitely clears up a lot about the rejected passwords I've seen.
Are you implementing Entra in a Hybrid setup or is it fully Entra? If it's Hybrid, you need to ensure that a specific setting in the Entra AD Sync app is enabled to allow password changes for accounts synchronized with Active Directory.
The laptops don’t connect to AD directly, but we do have an AD domain syncing with Entra for a couple of services, like guest Wi-Fi.
Thanks for the idea, but that's not it. I tried a 17-character password that didn't have any of their personal identifiers.
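The banned-password scoring mentioned in the second answer, as an added example that is not part of the original thread or Microsoft's code: Microsoft documents that the password is normalized (lowercased, common substitutions undone), matched against banned terms with an edit distance of 1, and must score at least 5 points, where each banned term found and each remaining character counts as one point. This is a simplified model; `BANNED`, `score` and `extra_terms` are assumptions for illustration, and the sample passwords are constructed.

```python
# Added example: simplified model of Entra password protection scoring.
# BANNED is a constructed sample; Microsoft does not publish the global list.
LEET = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
BANNED = ["password", "contoso", "blank"]
MIN_SCORE = 5  # documented minimum score for a password to be accepted


def normalize(password):
    """Lowercase the password and undo common character substitutions."""
    return password.lower().translate(LEET)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing position: a substitution if the lengths are equal,
    # otherwise one extra character in the longer string.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def score(password, extra_terms=()):
    """Return (points, matched terms); extra_terms models user or tenant names."""
    text = normalize(password)
    terms = sorted(set(BANNED) | {normalize(t) for t in extra_terms},
                   key=lambda t: (-len(t), t))
    points, matched, i = 0, [], 0
    while i < len(text):
        step = 1  # an unmatched character is worth one point
        for term in terms:
            sizes = [n for n in (len(term), len(term) - 1, len(term) + 1)
                     if i + n <= len(text)]
            hit = next((n for n in sizes if within_one_edit(text[i:i + n], term)), None)
            if hit:
                matched.append(term)
                step = hit  # the whole banned term is worth one point in total
                break
        points += 1
        i += step
    return points, matched


if __name__ == "__main__":
    for pw in ("Pa$$Wo1d", "C0ntos0Blank12", "Tr7!vq#Kz9^mWx2&b"):
        pts, found = score(pw)
        print(pw, pts, found, "accepted" if pts >= MIN_SCORE else "rejected")
```

A 14-character password built from two banned terms plus two digits scores only 4 here, which is how a long, mixed-character password can still be rejected.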