I am having the same problem on a windows 10 enterprise system. The policy is set to require a change every 360 days but i am being required to change it every time i log in. Last night i was required to change it 3 times before i got to a desktop.
Hello Everyone, The first time I ran into this issue was Feb 2017. The case back then was closed without resolution. This week, we decided to test adding a couple of Windows 10 Pro systems to our MDM once again, but ran into the same password prompt issue. Today, I opened another case on it, and this was the official response:
Thank you for contacting Cisco Meraki Technical Support! At the moment, we are currently experiencing issues with Windows devices receiving the password payload, where it causes the behaviour you are describing. Our developers are currently working on a fix for this issue. Unfortunately Support does not have an estimated timeframe for this, but I will provide an update for you as soon as I hear any.
I apologize for this inconvenience this will cause for your network and devices. In terms of a workaround, are you able to remove the passcode payload from the test profile to make sure the devices are not constantly resetting, and become functional?
I did, in fact, remove the passcode portion from the profile, and it seemed to fix the problem for a little while, but then it started happening again... so I deleted the settings profile for our windows machines completely and this fixed the problem until I attempted to push an application to the Windows client. As soon as I added a custom app with tags matching the windows clients (ThinkPad, Test) the password looping issue returned. This was prior to even attempting to push the application.
I'm continuing to test... my next steps will be as follows: 1. uninstall the agent from the windows client
2. disconnect client from the windows "connect to work / school"
3. remove all tags from the device in the dashboard
4. remove owner from the device on the dashboard
5. delete the custom windows app from the App dashboard
6. delete the windows client from the network
7. wait 24 hours (this is important I've found in the past)
8. re-add the windows client starting with the "Connect to Work and School" step
Hello Community~ I hope everyone had an awesome and safe Independence Day.
Here are the steps I took to continue the testing:
On the Windows Client click start > type connect to work > click on the best match result > Clicked on Enroll only in Device Management > Entered in my work email > the server info > my network ID
Windows device successfully connected. Confirmed client appeared in Dashboard. Removed any auto-tags that attached. note: No live tools appear, but that is expected.
Logged out and back in. Password remained intact.
Downloaded the agent onto the Windows Client and installed it. Waited 15 mins.
Checked client in the dashboard and the Live Tools appear. Tested notifications, screenshot and remote desktop successfully.
Sent a reboot command to the Windows Client using Power Control successfully.
Logged in without password change prompt on both accounts on that client.
Waited 1 hour and tested the passwords again via logoff/logon and also a reboot and they remained intact.
Now I have a baseline. The client is checking in, reporting activity, and not prompting for password changes. We know per Tech Support that adding a profile with a password payload will trigger the issue. I will refrain from adding any profile payload at all.
Next Phase of Testing: Add tags to the Windows Client, Create a Windows Custom App and attach those tags, and prior to pushing that app, ensure that this does not cause the password loop issue. I will report again.
out-of-scope research: Confirm why this system fails the policy audit due to "FW not installed, FW not enabled, AV not running" even though Windows Defender and Windows Firewall are both enabled / running / updated.