I am trying to implement password-change-at-next-login to force an updated password policy onto users.
Unfortunately the Passcode payload of Configuration Profiles is not working for Mobile accounts in 10.14 and macOS 12. The mobile user is not forced to change password at login.
The Passcode payload does work for the local Admin account - Admin is forced to change password at next login.
Should I expect the payload to work for Mobile accounts? Or maybe they only respect directory server password policies?
My Macs are bound to Apple's Open Directory.