This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 38%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
We are trying to manage/set the policy for local accounts on workstations joined to azure cloud. (no on-prem domain or hybrid)
I followed this
https://www.anoopcnair.com/mdm-wins-over-gpo-group-policy-intune-policy/
and created this policy as well
https://howtomanagedevices.com/intune/2409/password-policies-using-intune/
But 24 hours later, the user signs into a local account (to manage local resources outside of 365)
and the local policy still displays the default 42 days, etc. I set it to 90 days, for example among other changes.
Have you setup LAPS in Entra ID and Intune? https://rahuljindalmyit.blogspot.com/2023/04/windows-laps-with-microsoft-entra-azure.html
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@iconoclast88, Thanks for posting in Q&A.
For your issue, I have followed the link you provided to configure the password policy for the local account, in the Local Group Policy Editor of targeted device I met the same with you, however, based on my experience, Intune policy will just modify settings on the device via Windows CSP, it will not modify the GPO settings, so please check the policy status in Intune portal and go to the targeted device to check if there is some error in Event Viewer(Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin) and check the registry values(Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\9A96DE87-65BD-437E-B915-14B601DAE840\default\Device\DeviceLock, the value under Providers maybe different in different devices) were changed.
https://howtomanagedevices.com/intune/2409/password-policies-using-intune/
Non-official, just for reference.
If there are no errors in Event Viewer and the registry values are same as the policy's settings you configured in Intune, that means the policy applied successfully and you have settled Max password age value to 90.
Hope this can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@iconoclast88, Hope things going well.
May I know the status from your side? If there is any update, feel free to let me know.
@iconoclast88, Hope you have a good day.
If the answer is helpful, please click "Accept Answer" and kindly upvote it to help others with the same problem as soon as possible.