Learn more about the Parameter: "Force Password Reset".
The "Force user to reset password at next authentication" parameter comes with some caveats that should be understood before deploying. It is important to note what macOS version you're deploying to, as well as the other password policies you have enabled.
As with all parameters, it is ideal to test before pushing any changes to production Mac devices.
By enabling the Parameter, a profile is pushed down to Mac devices. This profile states that the user will be prompted to change their password at the next authentication. For most users, this will occur when they attempt to log in after a full log out or reboot (Not a screen lock).
Once you enable this Parameter, and the Blueprint is saved, the profile will be deployed during Kandji's next check-in.
- The Password Policy profile will remain on Mac devices as long as the parameter is enabled in the Kandji Web App. However, the user will only be prompted to change their password once, during their next log in after Kandji has pushed down the parameter.
- This parameter forces all user accounts on all Mac devices enrolled in the Blueprint to change their password during their next login, including users that have a password that does meet the password complexity requirements.
Older macOS behavior
This same profile results in different behavior on different macOS versions. It is highly recommended you test any other versions of macOS to understand how this parameter will behave in your environment.
For more information, you can read our guide to the ramifications of password parameters.