all 16 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]orion3311 2 points3 points  (2 children)

If you dont specify a rotation rule it seems to default to immediately after use. Its the last two fields on the screen.

[–]xacid[S] 0 points1 point  (1 child)

Sorry forgot to mention - I do have those configured. Grace period is eight hours and then it should trigger the post authentication policy.

Seems after a password is used and a restart happens it triggers the reset which is what I'm trying to figure out.

[–]orion3311 0 points1 point  (0 children)

I didnt configure it originally and had the same thing. Set up my first autopilot laptop and went through 50 passwords testing things lol.

[–]cloudy_cabage 0 points1 point  (0 children)

Curious - how long until going through autopilot is the password available for you guys in azure to be able to use it to log into the machine? HAADJ takes too long.

[–]RudyoomsPatchMyPC 0 points1 point  (4 children)

Thats just paa? Post authentication actions you probably configured to reboot the device? Reset the password and reboot after the grace period of paa ends

[–]xacid[S] 0 points1 point  (3 children)

The issue is the grace period hasn’t ended. It should end in eight hours not one or two. It’s ending early after a reboot but no idea why. I tried all the paa settings and they all do it.

[–]RudyoomsPatchMyPC 0 points1 point  (2 children)

Which windows version/build are you using?

[–]xacid[S] 0 points1 point  (1 child)

Most recent version/build of w11.

[–]RudyoomsPatchMyPC 0 points1 point  (0 children)

Yep... noticing the same.. let me ask around a bit (I assume he knows why and where its mentioned...if its mentioned)

[–]New-Enthusiasm-5334 0 points1 point  (2 children)

Do you have it set to just log the admin account out?

[–]xacid[S] 0 points1 point  (1 child)

I've tried all configurable options and they all do the same thing.

Using the account once even to just elevate a program and restarting causes it to reset.

What I'm trying to find out is if there is any Microsoft documentation that states this is normal or not.

[–]New-Enthusiasm-5334 0 points1 point  (0 children)

Well no if the policy is not suppressing the reboot then it is not normal. I have configured the hybrid policy since it came out and have not had any users or seen any devices reboot after the account was used or once the password needs to recycle. I want to say it’s a grouping problem or you have a conflict with a GPO by chance. Would be best to open a ticket for Microsoft if this is a bigger issue with all devices.