We have Microsoft Intune deployed to about 4,000 users with a 4-digit numerical PIN enforced for screen unlock. We have received several concerns from users who are not able to use fingerprint, facial recognition, or swipe pattern due to this policy. I know that in order to enable these password types, we would need to lower the requirements to "device default".
My concern is that due to inconsistency among Android devices, this "device default" password type will vary and, in some cases, could potentially be a security vulnerability if the phone manufacturer does not require a secure password as the "device default" (such as a single swipe?). As a reference, we are a BYOD company, and our Intune tenant manages devices from 40+ manufacturers all over the world.
I submitted a Premier ticket with these concerns, and Microsoft stated that...