macOS ADE passcode policy not enforced during Create Local Account setup (Solved)

Participant
Discussion
4 days ago Jun 04, 2026

During macOS Automated Device Enrollment, I’m trying to enforce a Hexnode passcode policy before the user creates the first local account. The Mac goes through Setup Assistant normally, but when it reaches the account creation screen, the passcode policy still shows as pending in Hexnode. Because of that, users can set a password that doesn’t meet our requirements.

I did see the macOS password requirements tooltip appear once during setup, but I haven’t been able to get that consistently. Right now, the ADE profile includes the passcode policy along with other things like our endpoint security app, FileVault, firewall, and OS update settings.

Is there any way to make sure the passcode policy gets applied first, or make Setup Assistant wait until it’s in place?

Replies (3)

Hexnode Expert
4 days ago Jun 04, 2026

Hi @ren_ben!

macOS doesn’t have a way to pause Setup Assistant until all MDM policies are applied. Most profiles are processed after enrollment completes and the device checks in, so it’s normal for the passcode policy to still be pending when the user reaches the account creation screen.

Sometimes the device checks in quickly enough and the passcode profile gets applied before the user enters a password, which is when macOS shows the password requirements tooltip. But that timing can vary depending on network speed and how many commands are being processed.

What usually works better is keeping the ADE profile light:

  1. Associate only the passcode policy, and any absolutely required network-related payloads, with the ADE enrollment profile.
  2. Move heavier tasks, such as endpoint security app installation, FileVault configuration, Firewall settings, and OS update settings, to a separate policy.
  3. Target that second policy to a dynamic device group for enrolled macOS devices.

That way, the passcode policy doesn’t have to compete with heavier tasks and has a better chance of being applied while Setup Assistant is still running.

The “Change password at next login” option can be used as a fallback, but it forces users to change their password even if they already chose one that meets the requirements. So, if you want to avoid that extra step, it’s better to leave it disabled and use the split-policy approach.

Best Regards,
Isabel Lora
Hexnode UEM

Participant
4 days ago Jun 04, 2026

I tried enabling “Change password at next login”, but it made me reset the password even though I had already used a strong one that matched the policy. Is that normal? It seems like it would be annoying for users.

Hexnode Expert
4 days ago Jun 04, 2026

Yes, that’s expected @ren_ben. macOS treats it as a simple “must change password” flag and doesn’t check whether the current password already meets the policy.

Because of that, it’s usually only useful if you want everyone to change their password after enrollment. If you want to avoid unnecessary prompts, it’s better to leave that setting off. Once the passcode policy is applied, macOS will enforce it, and users with non-compliant passwords will be asked to update them later.

Best Regards,
Isabel Lora
Hexnode UEM
