Configure Password Policy for Windows Devices

Securing enterprise Windows 10 devices is a very important aspect of managing them. A quality password acts as first line of defense in protection against unattended access and stolen/lost devices.

Scalefusion helps you define a password policy, that can be applied to the devices thereby forcing the users to create a password that complies with your organizational policies. In this document, we will walkthrough on how to configure and publish a Password policy.

Before you Begin

  1. Login into Scalefusion Dashboard
  2. Have access to one Scalefusion managed Windows 10 devices.

Password Policy

Creating a Password Policy

  1. Navigate to Enterprise > Passcode Policy > Windows section.
  1. Following are the options for Password complexity for Windows 10 devices,

    Setting

    Description

    Known Behavior

    Require Password

    Enable this setting if you want to enforce a password.

    Select Password Type

    Currently the only type supported is Alphanumeric.

    Minimum Password Length

    Select a minimum password length that is enforced.

    Accepted values are between 4 to 16

    Choose Complexity Type

    Select if you want the password to contain Digits or Digits & lower case letter.

    Windows Enterprise enforces Digits & lower case letters in password
    irrespective of the selection.

    Select Password Expiry (in days)

    Select an optimal period after which the password should expire and user is enforced to set a password.

    Maximum Password History List

    Choose an optimal value on how often user can repeat the passwords once they expire.

    Set Idle Time for Auto Lock (in minutes)

    Select an idle timeout after which the screen is auto-locked

    Any change in this value, forces the user to reset the password again.

    Maximum Failed Attempts to Factory Reset

    Select an optimal value after which the device will be factory reset or enter into BitLocker mode.

    Currently unsupported by Scalefusion. Will be supported once BitLocker support is in.

  2. Once you have configured the desired policy, click SAVE.

Publishing a Password Policy

  1. Once you have created a password policy, you can publish it to the Device Profiles. To do so, navigate to Enterprise > Passcode Policy and click on APPLY.
  1. Select the Device Profile(s) where you want to apply the policy to and click on SUBMIT.
  2. Once the policy is applied and the devices sync with the Scalefusion dashboard, they will be forced to change the password the next time the device reboots or they Login to their account on device.
    It is observed that irrespective of the current password on the device, users are forced to create a new password, even if the complexity is less.

Removing a Password Policy

  1. If you want to relax the password policy and want to remove a password policy from devices, then navigate to Enterprise > Passcode Policy and click on REMOVE.
  1. Select the Device Profile(s) where you want to remove the policy from and click SUBMIT.
  2. Once you remove a password policy from a device profile, following are the actions taken,
    1. All the future devices that enroll into the device profile will not be enforced to create a password.
    2. For the current devices in the profile, Scalefusion does a best case effort to remove the password, however sometimes the password might not be removed.


How did we do?


Powered by HelpDocs