This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 49%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Hi,
I have been implementing security baselines for Windows devices (MDM Security Baseline for Windows 10 and later for November 2021 template) in Microsoft Intune. However, there seems to have an issue with the InteractiveLogon_MachineInactivityLimit policy.
Indeed, I have a custom profile that enforces a Machine Inactivity Limit of 900 seconds on devices. When I configure the Security Baseline, the "Minutes of lock screen inactivity until screen saver activates" policy (equivalent to InteractiveLogon_MachineInactivityLimit which cannot be set to Not configured) with 15 minutes (description mentions that it should be set in minutes and not in seconds), I have a conflict for this policy between my profile and Security Baseline. I have tried adapting the Security Baseline by entering 900 seconds, but the conflict remains.
Is there anything that I would be missing here?
I am also aware that having two profiles for one policy is not recommended but in my case, the same value is enforced so there should be no conflict. I would therefore like to understand what is the difference between the two and how they are working.
Thank you in advance for the help.
Guillaume
My question has been duplicated multiple times because the page was hanging when posting the question. The following question should be removed or closed: https://learn.microsoft.com/en-us/answers/questions/1276456/inconsistent-interactivelogon-machineinactivitylim.
My apologies for the inconvenience.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Guillaume Bossiroy, Thanks for posting in Q&A. For your request, we have duplicated the link you mentioned. We will follow in this link.
For your issue, based on my checking, I find the setting "Minutes of lock screen inactivity until screen saver activates:" using the CSP "./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit" to deploy the value is the amount of inactivity time (in seconds).
And I notice you have configured a custom policy with the same CSP with the same seconds value.
Then I go to test in my environment. I find the same issue as yours. It seems we can't configure the same setting in two different policies. It will cause conflict.
I think we need to unassign one policy to the user group or device group to avoid the conflict issue.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Crystal-MSFT ,
Thank you for your answer.
Would you know if the Security Baseline policy Minutes of lock screen inactivity until screen saver activates should be configured in seconds or in minutes as described in the policy description?
Thank you in advance,
Guillaume
(Just for your information, my other duplicated question has been linked to another question on Azure Function)
@Guillaume Bossiroy, Thanks for the reply. Based on the setting, I think it is configured in minutes.
Perfect, thank you very much for your answer
@Guillaume Bossiroy, Thanks for marking the reply as answer. I am glad that the information can help. If there's anything else I can help in the future, feel free to post in Q&A to discuss together.
Thanks for your time and have a nice day!