HomeNews And MediaInternet And TelecommunicationEnforcing Password History Policy Utilizing Intune
Internet and Telecommunication

Enforcing Password History Policy Utilizing Intune

Comfort Oguejiofor profile image By Comfort Oguejiofor
  • --
  • 2
Enforcing Password History Policy Utilizing Intune Unsplash

Discover more about Enforcing Password History Policy Utilizing Intune.

This article discusses the method of implementing a password history policy through Intune. By utilizing the Configuration Profile feature in Intune, Windows users can enforce device password history to prevent the recycling of passwords. The Intune Settings catalog allows you to set the device password history and determine the number of passwords that cannot be reused. The initial value is '0' and you can set it up to a maximum of 50.

What is the Definition of Enforcing Password History?

Put simply, the enforce password history policy setting dictates how many different new passwords are required for a user before they can reuse an old password. This configuration will help decrease vulnerabilities caused by reusing passwords. Furthermore, Microsoft suggests utilizing the Minimum password age setting to ensure the policy's effectiveness by discouraging frequent password changes from users.

The Danger Linked To The Past Passwords Of A Device

If users set a low number for the Enforce password history service, they are able to use a small number of passwords repeatedly. If a minimum age requirement is not set for password changes, users are able to update their password multiple times in order to go back to their original password.

Policy CSP for DevicePasswordHistory in Intune

The DeviceLock Policy CSP introduces a fresh option, named DevicePasswordHistory, which determines the number of passwords permitted in the history and cannot be used. It is crucial to mention that the specified value includes the user's current password. If you are unsure, lets clarify the concept of device password history with an example. When DevicePasswordHistory is set to 1, users are unable to use their current password again when selecting a new one. 

Setting the DevicePasswordHistory value to 8 prohibits users from choosing their current password or any of the last seven passwords when setting a new one. If you intend to enforce password history using the DevicePasswordHistory Policy CSP in Intune, utilize the following CSP URI. ./Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordHistory

Implement a Password History Policy with Intune

Follow the steps provided below to establish a policy for enforcing password history using Intune for Windows users.

Log in to the Microsoft Intune administrative portal.

Choose Devices > Windows > Configuration Profiles.

Select Create > New Policy to establish a fresh policy.

Choose the options listed on the Create a Profile panel.

Operating system: Windows 10 and subsequent versions

Type of Profile: Settings Collection

On the Basics tab, indicate the name of the policy and provide a short description of it. This will simplify the process for other Intune admins to locate this profile.

Please proceed by clicking on the Next button.

Click on Add Settings in the Settings Catalog section within the Configuration Settings. In the Settings picker window, enter "device password history" in the search box and then click on Search. Choose the Device Lock category from the search results.

Choose the "Device Password History" option in the lower panel to set up the password history. Shut down the Settings Picker window.

Set up the following options within the Device Lock section.

Device Password Disabled: By default, this option is turned off. Activate it by sliding the bar to the right.

Password History for Device: In the example below, a value of 8 has been specified. This indicates that the user is not allowed to choose their current password or any of the last seven passwords as their new password.

Press Next to proceed.

You can define scope tags on the scope tags tab. You are not required to specify scope tags, so feel free to skip this step if you choose. Select the Next option.

Specify the Entra ID groups in the Assignments tab to assign the policy. It is advisable to initially roll out the profile to a small number of test groups before expanding it to additional groups provided the testing yields positive results. Choose the following option.

Lastly, review all the settings you have set up for enforcing the password history policy with Intune on the Review+Create tab. Press the Create button.

Once you have set up the configuration policy in Intune, you will see a notification stating: "Policy successfully created." This validates that the policy is established and currently being implemented in the selected groups. The recently generated setup profile is visible in Intune's lineup of configuration profiles.

Initiate a Synchronization Process For Intune On Windows Devices

In order to get the policy settings mentioned above from Intune, the Windows devices need to be registered with Microsoft Intune and, importantly, they need to have an internet connection. The devices will sync with Intune regularly to receive the latest policies. In order to expedite the process of policy assignments, you have the option to synchronize Intune policies on your Windows computers through various methods to ensure that you have the most up-to-date policies from Microsoft Intune.

Supervise the Enforcement of Password History Policy Assignment

During the application of policy settings to Windows devices, you can track which devices and users have effectively received the enforcement of password history policy settings in Intune. Choose the policy in the Intune admin center and examine the status of the device and user check-ins. In the section titled "Device and user check-in status," you can view the combined count of devices and users that have effectively accepted the policy settings.

Click on View Report to see the device names that have successfully received the policy settings. Sometimes, the Intune policy might not be successfully applied to specific users or devices. To address the problems, we suggest examining Intune logs on Windows PCs.

Check the DevicePasswordHistory Policy on Windows Devices

In this part, we will show different ways to check if the Intune device password history policy has been properly implemented on our devices. There are two methods you can use to verify if Intune has applied the device password history settings on your Windows devices.

Event Viewer for Windows

Registry of Windows operating system

Event Viewer for Windows

Open the event viewer on the Windows device by executing the shortcut command eventvwr. Afterward, navigate to the specified location in the event viewer to check out the Intune MDM event logs. Logs and services provided by Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin. After reaching the specified location in Event Viewer, you can narrow down the current log by filtering with Event ID 813.This will provide you with immediate access to the event logs you seek. 

Registry of Windows

Open the registry editor on the Windows device and go to the specified path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\1F8A61D5-C483-45C6-A23B-5EC8C599E5F0\default\Device\DeviceLock - The specified registry key. To the right, there are numerous registry entries related to the device lock policy.

Search for the registry entry called "DevicePasswordHistory" within them. The DevicePasswordHistory registry entry has a value of 8, as specified in the device lock policy settings in Intune. This shows that the Windows registry can be utilized to verify if the device's password history settings are being enforced through Intune.

Tags:
Internet and Telecommunication World
Author Image
Written By Comfort Oguejiofor

Comfort is a professional writer with years of experience. She is passionate about helping businesses achieve their goals through compelling writing. She has a unique blend of passion, creativity, and expertise, and her work spans across a variety...

View Profile
Follow:
Related Posts
Commnets --
Leave A Comment
Categories
10 Prompts On Chat Gpt To Take Your Business To New Heights

10 Prompts On Chat Gpt To Take Your Business To New Heights

  • 3 months ago
The Hidden Costs Of Working Online And Making Money Online

The Hidden Costs Of Working Online And Making Money Online

  • 3 months ago
How To Build Business Credit As A Small Business Owner

How To Build Business Credit As A Small Business Owner

  • 3 months ago
New Era Of Ai In Financial Planning

New Era Of Ai In Financial Planning

  • 3 months ago
The Rise Of Ai In Film Production: Beyond The Special Effects

The Rise Of Ai In Film Production: Beyond The Special Effects

  • 3 months ago
How To Save Money On Groceries Without Compromising Nutrition

How To Save Money On Groceries Without Compromising Nutrition

  • 3 months ago
Balancing Personal Financial Goals With Family Expectations

Balancing Personal Financial Goals With Family Expectations

  • 3 months ago
Digital Dominance: Strategies For Modern Business Growth

Digital Dominance: Strategies For Modern Business Growth

  • 3 months ago
What To Do If Your Company Faces A Public Relations Crisis

What To Do If Your Company Faces A Public Relations Crisis

  • 3 months ago
5 G Unleashed: How It's Reshaping Connectivity And Communication

5 G Unleashed: How It's Reshaping Connectivity And Communication

  • 3 months ago
What To Do If Your Small Business Runs Out Of Cash

What To Do If Your Small Business Runs Out Of Cash

  • 3 months ago
5 Common Cashflow Problems For International Businesses

5 Common Cashflow Problems For International Businesses

  • 3 months ago
How TSC Promotes Teachers in Kenya: Full Criteria and Scoring System Explained

How TSC Promotes Teachers in Kenya: Full Criteria and Scoring System Explained

  • 3 months ago
Trump Imposes 125% Tariff on China, Announces 90-Day Pause, Says Tariffs Will Make U.S. Wealthy

Trump Imposes 125% Tariff on China, Announces 90-Day Pause, Says Tariffs Will Make U.S. Wealthy

  • 6 months ago
Mnetizen.co.ke: Your One-Stop Giga-Website for Everything Under the Kenyan Sun

Mnetizen.co.ke: Your One-Stop Giga-Website for Everything Under the Kenyan Sun

  • 6 months ago
Protests Around the U.S. Today: A Deep Dive into the 'Hands Off' Movement and Trump Protests

Protests Around the U.S. Today: A Deep Dive into the 'Hands Off' Movement and Trump Protests

  • 6 months ago
Voice of Integrity: Remembering Rita Tinina, the Beacon of Journalistic Excellence

Voice of Integrity: Remembering Rita Tinina, the Beacon of Journalistic Excellence

  • over 1 year ago
Uhuru Kenyatta vs. Raila Odinga: Who Will Lead the African Union? An In-Depth Analysis

Uhuru Kenyatta vs. Raila Odinga: Who Will Lead the African Union? An In-Depth Analysis

  • over 1 year ago
The Looming Storm: Will Kalonzo and Wamalwa Form a 2027 Ticket?

The Looming Storm: Will Kalonzo and Wamalwa Form a 2027 Ticket?

  • over 1 year ago
Navigating Investment Opportunities Amidst Kenya Shilling's Volatility

Navigating Investment Opportunities Amidst Kenya Shilling's Volatility

  • over 1 year ago
Navigating Kenya Shilling's Free Fall: The Role of Edge Markets

Navigating Kenya Shilling's Free Fall: The Role of Edge Markets

  • over 1 year ago
Revolutionizing Education: Bridging Knowledge and Wealth

Revolutionizing Education: Bridging Knowledge and Wealth

  • over 1 year ago
Nurturing Growth: How Kenya's Digital Economy Can Mitigate the Free Shilling Fall

Nurturing Growth: How Kenya's Digital Economy Can Mitigate the Free Shilling Fall

  • over 1 year ago
Navigating Economic Challenges: A Guide to Thriving Amidst a Weakening Kenyan Shilling

Navigating Economic Challenges: A Guide to Thriving Amidst a Weakening Kenyan Shilling

  • over 1 year ago