This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 55.00000000000001%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
We are using Endpoint Manager to enroll and install Windows O/S and company polices. All Windows devices are getting Non-Compliant status. I get the following two errors in Event Viewer:
MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordComplexCharacters), Area: (DeviceLock), EnrollmentID requesting set: (0DA44E47-6CFF-4BD0-A8BA-5FB790475719), Current User: (Device), Int: (0x4), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.
MDM ConfigurationManager: Command failure status. Configuraton Source ID: (0DA44E47-6CFF-4BD0-A8BA-5FB790475719), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (Policy), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordComplexCharacters), Result: (Unknown Win32 Error code: 0x86000011).
Password policy is set to use Device Default password complexity.
We do have a script that adds a local admin account that sets the password never to expire. Built in admin account is disabled. Plan on moving to LAPS in the near future.
Is the error being caused by having the additional local admin account, because we have password policy set to Device Default and not Alphanumeric, or something else?
Any insight would be greatly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Darren Heath, Thanks for posting in Q&A. For the error message, i know it is affected to MinDevicePasswordComplexCharacters
For the Password Type: Device default (default), it means require a password, numeric PIN, or alphanumeric PIN. Please change the local user account password to meet the requirement to see if the issue can be fixed.
Meanwhile, based on my researching, I find the password policy applies to current local account and all administrator accounts.
I notice the Built in admin account is disabled. Please enable the built-in admin on one device and change its password to meet the requirement to see if it is the issue.
Please try the above suggestion and if there's any update, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for responding. I took the time and read through the material links you listed. I changed the password for LocalAdmin and built in Admin account and ran a sync (verified new time stamp) but still see the non-compliance error. :(