How can I troubleshoot why my on-prem user password complexity policy isn't applying to user-initiated resets from Entra-only joined devices?
I work in a K12 education environment where we have relaxed password complexity for young students. These policies have been working since the introduction of FGPP in 2008, while we were entirely on-premises. Recently, we implemented Intune device management for students, and when they go through the previous steps of a CTRL+ALT+DEL user-initiated password reset from an Entra device, the online portal does not accept the password complexity from on-premises. Weak passwords get rejected. Repeating that test on a domain-joined device gets the expected results we have always gotten, allowing students to use a weaker password. All the documentation I have read says a synced user should get the policies specified on-premises, and I can't figure out what I'm missing. Can anyone suggest some troubleshooting steps or solutions? Thanks in advance.