Easy Way to Disable Device Password Sync with Intune

This article will explain how to Disable Device Password Sync with Microsoft Intune. We will use the Configuration Profile to configure it.

Preventing device password sync is a policy setting that stops the synchronization of passwords between a Windows device and the user’s Microsoft account. When password sync is disabled, the “passwords” group won’t be synced. This setting is crucial for organizations that want to enhance security and ensure that sensitive password information is not stored or transmitted outside of their managed environment.

“Sync your settings – Do not sync passwords” is a feature available in Windows operating systems that allows users to synchronize certain settings and preferences across multiple devices linked to the same Microsoft account. This feature primarily aims to provide a consistent experience across devices by syncing settings such as themes, language preferences, browser settings, and more.

However, to enhance security and privacy, Windows can exclude password synchronization while still allowing other settings to sync. This means that users can synchronize most of their settings across devices without compromising the security of their passwords.

Disabling device password sync is a proactive measure to enhance security, ensure compliance, and control sensitive information in a corporate environment. It reduces the risk of unauthorized access, data breaches, and other security threats while simplifying management and incident response efforts.

Easy Way to Disable Device Password Sync with Intune. Fig. 1

Importance of Disabling Device Password Sync

Disabling device password sync in a corporate environment is a strategic decision that enhances security, ensures compliance, and maintains control over sensitive information. Here are the key reasons for disabling device password sync.

| Category | Details |
| --- | --- |
| Enhanced Security | Prevent Unauthorized Access: By disabling password sync, you prevent passwords from being stored in or transmitted to less secure personal devices or cloud services, reducing the risk of unauthorized access. |
| | Mitigate Data Breaches: Syncing passwords increases the risk of data breaches. Disabling this feature ensures that passwords remain within the confines of secure, managed devices. |
| Regulatory Compliance | Data Protection Regulations: Many industries are subject to strict data protection regulations (e.g., GDPR, HIPAA). Disabling password sync helps organizations comply with these regulations by ensuring that sensitive credentials are not inadvertently shared or stored inappropriately. |
| | Auditing and Monitoring: Compliance often requires detailed auditing and monitoring of data access and transfer. Disabling password sync simplifies compliance by reducing the number of places where sensitive data is stored and accessed. |
| Control and Management | Centralized Management: By preventing password sync, IT departments can ensure that password management is centralized and controlled within the corporate environment. This allows for consistent application of security policies and easier monitoring. |
| | Policy Enforcement: Disabling password sync helps enforce organizational policies regarding password management and data security, ensuring that users cannot circumvent these policies by syncing their passwords to personal accounts or devices. |
| Risk Mitigation | Limit Exposure: Syncing passwords to multiple devices increases the exposure and potential attack surface. Disabling password sync minimizes this exposure, limiting the potential impact of a compromised device. |
| | Reduce Phishing Risks: With passwords not synced to various devices, the risk of phishing attacks targeting synced credentials is reduced, as passwords are only entered and stored on secure, managed devices. |
| User Behavior Control | Prevent Weak Password Practices: Users might employ weaker passwords if they know they can sync them across devices for convenience. Disabling sync encourages stronger password practices by requiring users to manage passwords independently on each device. |
| | Discourage Personal Device Usage: Disabling password sync discourages users from using personal devices for work purposes, thereby maintaining a clear boundary between personal and professional use and reducing the risk of data leakage. |
| Incident Response | Simplified Incident Response: In the event of a security incident, having passwords confined to managed devices simplifies the incident response process. IT teams can focus on securing and investigating a smaller, more controlled environment. |
| | Quicker Remediation: If a password needs to be reset or an account needs to be secured, IT teams can act more quickly and effectively if passwords are not distributed across multiple devices and platforms. |
Easy Way to Disable Device Password Sync with Intune. Table. 1

Create Configuration Profile to Disable Device Password Sync with Intune

Follow the below-mentioned steps to create a configuration policy to Disable Device Password Sync with Microsoft Intune. Log In to the Microsoft Intune Admin Center using your administrator credentials.

  • Navigate to Devices > Windows > Configuration Profiles
  • Click on +Create > +New Policy
Easy Way to Disable Device Password Sync with Intune. Fig. 2

In the next step, we can create a new Configuration Profile starting from scratch. For that, give the below options as mentioned.

Easy Way to Disable Device Password Sync with Intune 1

On the Basics details page, we can name the configuration profile “Disable Device Password Sync.” If needed, provide a brief policy description and click Next.

Easy Way to Disable Device Password Sync with Intune. Fig. 4

We can now add the required settings to the Configuration Settings pane. To do so, click on +Add settings in the bottom left corner of the page.

Note! Microsoft has discovered that Intune admins may experience performance degradation when more than 400 settings are added to a single policy. While we continue to make improvements, please take this into consideration when designing your policies.

Easy Way to Disable Device Password Sync with Intune. Fig. 5

Search for “Sync your Settings” as a keyword. This will help you find the correct policy based on our current needs. Now you can see “Administrative Templates\Windows Components\Sync your Settings” under Browse by category. Click on that and pick the settings below.

Note! Prevent the “passwords” group from syncing to and from this PC. This turns off and disables the “passwords” group on the “sync your settings” page in PC settings. If you enable this policy setting, the “passwords” group will not be synced. Use the option “Allow users to turn passwords syncing on” so that syncing is turned off by default but not disabled. If you do not set or disable this setting, syncing of the “passwords” group is on by default and configurable by the user.

Easy Way to Disable Device Password Sync with Intune. Fig. 6

Close the Settings picker window, toggle the “Do not sync passwords” option to Enabled, and leave “Allow users to turn “passwords” syncing on. (Device)” at its default (False). Click on Next.

Easy Way to Disable Device Password Sync with Intune. Fig. 8

On the next page, leave the Scope tags as Default. If you have any custom scope tags available, you can also select them for this deployment.

Easy Way to Disable Device Password Sync with Intune. Fig. 9

Click on Next and assign the configured policy to HTMD – Test Computers. In the Included Groups option, click on Add Groups and select the required device group.

Easy Way to Disable Device Password Sync with Intune. Fig. 10

On the Review + Create page, carefully review all the settings you’ve defined for the Disable Device Password Sync policy. Select Create to implement the changes once you’ve confirmed everything is correct.

Easy Way to Disable Device Password Sync with Intune. Fig. 11

Monitor the Disable Device Password Sync Policy in Intune

This particular policy has been deployed to the Microsoft Entra ID group (HTMD – Test Computers). The policy will take effect as soon as possible once the device is synced. To monitor the policy deployment status from the Intune Portal, follow the below-mentioned steps.

  • Navigate to Devices > Windows > Configuration Profiles > Search for the “Disable Device Password Sync” policy.
  • Under the Device and user check-in status, you can see the deployment status for the policy.
Easy Way to Disable Device Password Sync with Intune. Fig. 12

End User Experience – Disable Device Password Sync Policy

Now, we have to check whether the Disable Device Password Sync policy is working fine or not. Log on to one of the policy-targeted devices. This time we can check the policy status via Intune Event Logs. Open Event Viewer from the device.

  • Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin

Here are the latest logs for the Disable Device Password Sync policy. You can also filter the logs with “DisableCredentialsSettingSync” as a keyword, making them easy to find. We can also analyse the step-by-step logs in detail for more information about the targeted policy.

The screenshot below shows that the policy is successfully applied to the system!

Easy Way to Disable Device Password Sync with Intune. Fig. 13
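
The Event Viewer check above, scripted as an added PowerShell example (not part of the original article): it reads the same Admin log and keeps only entries that mention DisableCredentialsSettingSync, so the check can be repeated on several test devices. The channel name is the full form of the log path given above; the function name Get-PolicyEvent and the 2000-event search window are assumptions made for this example.

```powershell
# Added example: search the MDM diagnostics Admin log for the policy keyword.
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$Keyword = 'DisableCredentialsSettingSync'

function Get-PolicyEvent {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][string]$Keyword,
        [int]$MaxEvents = 2000   # assumption: how far back to search
    )
    try {
        # -ErrorAction Stop turns "log missing" or "no events found" into a catchable error
        $events = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read '$LogName': $($_.Exception.Message)"
        return
    }
    # Keep only entries whose rendered message mentions the policy name
    $events |
        Where-Object { $_.Message -like "*$Keyword*" } |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

$hits = @(Get-PolicyEvent -LogName $LogName -Keyword $Keyword)

if ($hits.Count -eq 0) {
    Write-Output "No entries mention $Keyword. Sync the device and check again."
}
else {
    # Newest entries first, with the full message for step-by-step review
    $hits | Sort-Object TimeCreated -Descending |
        Select-Object -First 5 |
        Format-List TimeCreated, Id, LevelDisplayName, Message

    # Surface entries that were logged as problems rather than information
    $problems = @($hits | Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' })
    Write-Output ("Matching entries: {0}; logged as Error/Warning: {1}" -f $hits.Count, $problems.Count)
}
```

Run it on a policy-targeted device after a sync; a non-zero Error/Warning count means the matching entries need a closer look in Event Viewer.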

I appreciate you taking the time to read my article. I’m excited to see you in the upcoming post. Continue to support the HTMD Community.

Author

Vaishnav K has over 10+ years of experience in SCCM, Device Management, and Automation Solutions. He writes and imparts his knowledge about Microsoft Intune, Azure, PowerShell scripting, and automation. Check out his profile on LinkedIn.
