You are reviewing a Windows 10 compliance policy in Microsoft Intune. A user with a device running Windows 10 version 20H2 (build 19042.985) reports that the device is marked as non-compliant. The device has a password of length 8, a PIN with 4 characters, Secure Boot enabled, BitLocker enabled, and Windows Defender Firewall active. What is the most likely reason for non-compliance?
Password minimum length is 6, but PIN length is 4.
Why this answer
The device uses a PIN with only 4 characters, which does not meet the minimum password length of 6. In Intune compliance policies for Windows 10, the 'Minimum password length' setting applies to both passwords and PINs. A PIN of 4 characters violates this requirement, causing non-compliance even if other settings like BitLocker and Secure Boot are properly configured.
Exam trap
The trap here is that candidates assume a PIN is separate from a password and not subject to the same minimum length requirement, but Intune's compliance policy treats both under the same 'password length' rule.
How to eliminate wrong answers
Option A is wrong because the user reports Windows Defender Firewall is active, and the question states it is active, so this is not the cause of non-compliance. Option B is wrong because Secure Boot is explicitly enabled on the device, as stated in the scenario. Option C is wrong because the build number 19042.985 is above the required minimum version 19041.0, so the OS version meets the compliance requirement.