Hey there,
This definitely sounds like a frustrating situation! You've clearly done the work to configure the Intune policy correctly, and it's puzzling why the device isn't enforcing the restrictions.
Here are a few ideas that might help:
Device Enrollment Type: Is the device enrolled as Hybrid Azure AD Joined or Azure AD Joined? Some policy settings might behave differently depending on the enrollment type. Double-check that your Intune configuration is appropriate for your enrollment scenario.
Policy Conflict: Is there any chance another policy (Group Policy, local policy, or another Intune policy) could be overriding your Windows Hello for Business PIN complexity settings? It's worth investigating if there might be a conflict somewhere.
Device Sync: Make sure the device has recently synced with Intune to receive the latest policy updates. You could try forcing a sync from the Intune portal or on the device itself.
If you can provide more details about your environment (enrollment type, OS version, Intune policy configuration, etc.), it might help identify potential solutions or workarounds.
Hopefully, these ideas will help you pinpoint the cause of the issue. Don't hesitate to ask if you have any further questions!
Best,
T.
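
The first two checks suggested in the reply above (enrollment type and policy conflict) can be run on the device as follows. This is an added example, not part of the original reply; it assumes an elevated PowerShell session, and the two registry roots and the `PINComplexity` subkey name are assumptions about where Group Policy and MDM store Windows Hello for Business settings, not locations given in the post.

```powershell
# Added example: read-only checks, run elevated on the affected device.

# 1. Enrollment type: parse the "Key : Value" lines of dsregcmd /status.
$state = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
$joinType = if ($state['AzureAdJoined'] -eq 'YES' -and $state['DomainJoined'] -eq 'YES') {
    'Hybrid Azure AD Joined'
} elseif ($state['AzureAdJoined'] -eq 'YES') {
    'Azure AD Joined'
} else {
    'Not Azure AD joined'
}
"Join type: $joinType"

# 2. Policy conflict: collect PIN complexity values from each policy source.
# Assumed locations: Group Policy and MDM write to different registry roots.
$sources = [ordered]@{
    'Group Policy' = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    'MDM (Intune)' = 'HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork'
}
$found = @(foreach ($name in $sources.Keys) {
    $root = $sources[$name]
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'PINComplexity' } |
        ForEach-Object {
            $key = $_
            foreach ($valueName in $key.GetValueNames()) {
                [pscustomobject]@{
                    Source = $name
                    Key    = $key.Name
                    Name   = $valueName
                    Value  = $key.GetValue($valueName)
                }
            }
        }
})
$found | Format-Table Source, Name, Value, Key -AutoSize -Wrap

# 3. The same setting with different values across sources points to a conflict.
$found | Group-Object Name |
    Where-Object { @($_.Group.Value | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        $detail = ($_.Group | ForEach-Object { "$($_.Source)=$($_.Value)" }) -join ', '
        "Conflicting values for $($_.Name): $detail"
    }
```

An empty table means neither source has written PIN complexity values, which makes the device sync suggestion the next thing to check.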