Is this a bug with Intune configuration profiles and the "Interactive Logon Machine Inactivity Limit" setting?

Matt Day 36 Reputation points

I think I've found a device configuration profiles bug.

Here's how to reproduce it:

  1. Create a new device configuration profile for Windows 10, profile type = Settings catalog,
  2. In the Settings picker, search for "inactivity", and then select "Local Policies Security Options"
  3. Add, and then enable, the setting for "Interactive Logon Machine Inactivity Limit"
  4. Add this new configuration profile to some devices.

After one of my Windows 10 devices (a VM guest I use to test with) picked up this setting, it started locking the screen after just 1 second of inactivity. I had to continually wiggle the mouse to keep it from locking the screen while I debugged the problem.

I found the problematic setting:

  1. Run gpedit.msc
  2. go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  3. Observe that "Interactive logon: Machine inactivity limit" is set to 1 second

I went back to Endpoint Manager and disabled "Interactive Logon Machine Inactivity Limit". After the device picked up the new setting, the problem went away, and in gpedit.msc I could see that "Interactive logon: Machine inactivity limit" was now set to 0 seconds.

Seems like Endpoint Manager thinks the setting is a boolean, but gpedit.msc thinks the setting is an integer with units of seconds. I wonder if Endpoint Manager set the boolean value to 1, meaning Enabled, but the policy on the client computer interpreted it as 1 seconds.

This documentation thinks the setting is a boolean:

But this documentation thinks the setting is integer seconds:

Curiously, a Dell laptop of mine also picked up this setting, but it did not start locking the screen after 1 second, even though in gpedit.msc I could see the setting was "1 second". Dunno why the problem wasn't happening on the Dell laptop. Maybe some other setting needs to be set a certain way to reproduce the bug. My Dell laptop is not configured exactly the same as the VM guest.

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,772 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,578 questions
{count} votes

Accepted answer
  1. Crystal-MSFT 44,931 Reputation points Microsoft Vendor

    @Matt Day ,Thanks for posting in our Q&A. Based on my test on the VM in lab. I get the same phenomenon as yours. I noticed you have reported this issue in uservoice as well:

    We can wait if we can get any update here. Meanwhile, I will try my best to feedback. If I can get any update on this. I will post back.

    As this is a feature in preview which means still in testing phrase. as another option, We can consider another setting "Minutes of lock screen inactivity until screen saver activates" under Endpoint protection device configuration to set the maximum minutes of inactivity on the interactive desktop. In my test, I set it as 1 minute which means it will lock after 1 minutes without any user activity.


    Hope it can help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Cory Seaman 1 Reputation point

    We're experiencing the same issue - one HP Spectre x360 is experiencing immediate logoffs, but other laptops are not.
    Please escalate the fix to make the Interactive Logon Machine Inactivity Limit setting an integer value rather than boolean!

    0 comments No comments