Share via

Screens not locking after inactivity

Mauri Koiranen 11 Reputation points
2022-10-20T13:54:07.203+00:00

Hello, in our enviroment we need our computers to lock their screens after some time of inactivity.

To achieve this, using our M365-enviroment's management tool, Microsoft Endpoint Manager (formerly known as Intune) admin center. We have created:

  1. Device compliance policy with "Maximum minutes of inactivity before password is required" and the value here is "15 mins" but the device's screen doesn't lock. In the admin center the computer and it's user seem to be compliant with the policy252429-epman-1.png

252430-epman-2.png252521-epman-3.png

252522-epman-4.png

  1. Also we tried to create configuration policy to achieve this, but it didn't work either:
    252485-conf-policy-inactive-screen.png252541-conf-policy-inactive-screen-2.png

what would need to be done to achieve this?

Thanks!

BR,
Mauri

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,046 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,782 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Caleb-MSFT 6 Reputation points
    2022-10-21T06:01:16.397+00:00

    @Mauri Koiranen , Thanks for posting in our Q&A. From your description, I know that we have deployed the screen lock policy via both compliance policy and Setting Catalog policy. Both shows successfully, but it won’t lock after the time reached. If there is any misunderstanding, feel free to let us know.

    In my lab, I created a configuration policy and set Max Inactivity Time Device Lock with 2 minutes.
    252799-image.png
    After the policy is applied, the testing device lock automatically after 2 minutes. The device is windows 10 21H2 enterprise.

    To clarify your issue, could you check the following information:

    1. Check the registry entries related to the Device Lock Inactivity Time in the following registry path to see if the MaxInactivityTimeDeviceLock is 15:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DeviceLock
      Note: Data should be visible as the value you defined in the policy.
      252800-image.png
    2. How many devices are affected? Was it only affect with some specific devices? If yes, please check if there’s any difference between the working one and the not working one?
    3. What is the affected device version? And what is the edition, Enterprise, professional or business?

    Please check the above information and if here’s any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Mauri Koiranen 11 Reputation points
    2022-10-24T12:47:27.68+00:00

    Hello, thanks for the reply.

    1. I also modified the "device lock" value to "2" to make it clear that it changes.
      253583-regedit-screenlock.png

    So it seems that the policy is on the computer, but not doing anything.

    1. This concerns only the one testing laptop that we are using to make sure that things work, before applying a policy on the whole organization.
    2. Device has a Windows 10 version 21H2 (build 19044) and the OS is "business".

    BR,
    Mauri

  3. Bradley Bird 106 Reputation points
    2022-10-25T12:58:07.917+00:00

    Is the computer in an on-premise domain and being managed with Group Policies?

  4. Andrew Porter 0 Reputation points
    2023-11-29T11:27:59.35+00:00

    Short answer

    Lock Screen Settings conflict with Screensaver settings

    Problem

    We're also having this issue during testing on a Windows 10 22H2 Enterprise device with E5 license.

    This guide is helpful for setting it up and checking the policy is applied: https://www.anoopcnair.com/set-automatic-lock-screen-for-inactive-device-intune/

    • You can check the Event log: Applications and Services Logs – Microsoft – Windows – Devicemanagement-Enterprise-Diagnostics-Provider – Admin and look for Event ID 813
    • Check the reg key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DeviceLock MaxInactivityTImeDeviceLock
    • Run RSOP to see if any GPO settings on the device affect this
    • Confirm the lock screen image is on the device in the path (or cached path) specified in the policy

    For me, it's currently locking the screen after 10 minutes when I set 1 minute as a test. This 10 minutes seems to be forced by a Screen saver timeout GPO setting. I found an old article that mentioned a similar setting in Group Policy which said the 'screensaver had to be active' for this to work but that might not be applicable.

    Settings that might have some affect on this setting I would guess are:

    • Screensaver timeout
    • Screensaver settings
    • Power Settings
    • “Endpoint protection” , “Local device security options” and “Minutes of lock screen inactivity until screen saver activates

    Solution

    I found that a GPO was applying a screensaver settings that was configured for 10 minutes. This won the conflict. Once I removed this GPO setting the Lock Screen would trigger at the MaxInactivityTImeDeviceLock I set of 1 minute. If you open SETTINGS > PERSONALIZATION > LOCK SCREEN . SCREEN SAVER SETTINGS > Then check what the WAIT time is set to. For me, this was at 10 minutes, once I removed the GPO setting this was set to 1 minute

    0 comments