You can define the parameters for creating a passcode and configure the passcode settings here. The configured passcode policy also governs Windows Hello PIN, if configured on the device. Click here to know more about Windows Hello and click here to know about PIN.
To set up a password on a device configure a passcode policy with the following minimum restrictions. Any configuration below the minimum level of restriction, automatically associates a passcode policy which satisfies the minimum requirements.
- The passcode should not contain the user's account name or parts of the user's full name, that exceed two consecutive characters.
- The minimum length is six characters.
- The passcode need to contain characters from three of the following four categories: English uppercase characters (A to Z), English lowercase characters (a to z), base 10 digits (0 to 9) and Special characters (!, $, #, %, etc.).
|Passcode Profile Settings|
|Minimum passcode length||Specify a minimum length of a passcode, for example if you have the minimum length as 5, users will not be allowed to set a passcode with 4 characters or less.|
|Minimum passcode age (days)||Specify the number of days the passcode must be used before the user can change it.|
|Maximum passcode age (days)||Specify the number of days for the passcode to be reset. After this period, the user is forced to change the passcode.|
|Maximum idle time allowed before auto-lock||Specify the time limit for the device screen to be locked automatically.|
|Number of passcodes to be maintained in history||Specify the number of previous passcode to be maintained, so that users cannot reuse them. For example: if you have set the limit as 3, users will not be allowed to reuse the last 2 passcodes and the current passcode.|
|Maximum number of failed attempts||Maximum number of attempts before all data in the device to be erased. For phones, the device is wiped after the specified number of wrong attempts. For laptops and desktops, the devices enter bitlocker recovery mode, if configured. If bitlocker is not configured, devices reboot and request for captcha multiple times. The maximum number of failed attempts for desktops can take values in the range 4-16 and the range for mobiles is 0-999.|
|PIN settings||>Block insecure PINs
Allow/Restrict the usage of simple PINs and picture passwords.
Specify the maximum number of complex characters allowed in the passcode.This can be configured as Digits only, Digits and lowercase, Digits, lowercase, and uppercase
Note: Even if the existing passcode meets the complexity requirements mentioned in the passcode profile, the user will be prompted to change the passcode in the next sign in.