Configure Passcode Policy for Windows Devices

Securing enterprise Windows 10 devices is a very important aspect of managing them. A quality password acts as first line of defense in protection against unattended access and stolen/lost devices.

MobiLock helps you define a password policy, that can be applied to the devices thereby forcing the users to create a password that complies with your organizational policies. In this document, we will walkthrough on how to configure and publish a Password policy.

Before you Begin

  1. Login into MobiLock Dashboard
  2. Have access to one MobiLock managed Windows 10 devices.

Password Policy

Creating a Password Policy

  1. Navigate to Enterprise > Passcode Policy > Windows section.
  2. Following are the options for Password complexity for Windows 10 devices,

    Setting

    Description

    Known Behavior

    Require Passcode

    Enable this setting if you want to enforce a password.

    Select Passcode Type

    Currently the only type supported is Alphanumeric.

    Minimum Passcode Length

    Select a minimum passcode length that is enforced.

    Accepted values are between 6 to 15

    Choose Complexity Type

    Select if you want the passcode to contain Digits or Digits & Characters.

    Windows Enterprise enforces Digits & Characters in password
    irrespective of the selection.

    Select Password Expiry (in days)

    Select an optimal period after which the password should expire and user is enforced to set a password.

    Maximum Password History List

    Choose an optimal value on how often user can repeat the passwords once they expire.

    Set Idle Time for Auto Lock (in minutes)

    Select an idle timeout after which the screen is auto-locked

    Any change in this value, forces the user to reset the password again.

    Maximum Failed Attempts to Factory Reset

    Select an optimal value after which the device will be factory reset or enter into BitLocker mode.

    Currently unsupported by MobiLock. Will be supported once BitLocker support is in.

  3. Once you have configured the desired policy, click SAVE.

Publishing a Password Policy

  1. Once you have created a password policy, you can publish it to the Device Profiles. To do so, navigate to Enterprise > Passcode Policy and click on APPLY.
  2. Select the Device Profile(s) where you want to apply the policy to and click on SUBMIT.
  3. Once the policy is applied and the devices sync with the MobiLock dashboard, they will be forced to change the password the next time the device reboots or they Login to their account on device.
    It is observed that irrespective of the current password on the device, users are forced to create a new password, even if the complexity is less.

Removing a Password Policy

  1. If you want to relax the password policy and want to remove a password policy from devices, then navigate to Enterprise > Passcode Policy and click on REMOVE.
  2. Select the Device Profile(s) where you want to remove the policy from and click SUBMIT.
  3. Once you remove a password policy from a device policy, following is the actions taken,
    1. All the future devices that enroll into the device profile will not be enforced to create a password.
    2. For the current devices in the profile, MobiLock does a best case effort to remove the password, however sometimes the password might not be removed.


How did we do?