Authentication (Desktop)

An Authentication configuration enables you to set minimum requirements for password-based user authentication on a device.

Complexity Requirements

Minimum Password/PIN Length Select the minimum number of characters a password must have.
Allow Simple Passwords or PINs Allows the device user to define a simple password to unlock the device.
Average Complexity Requires the device user to define a password that contains both digits and lowercase letters.
Good Complexity Requires the device user to define a password that contains digits, lowercase letters, and uppercase letters.


On the Enforcement tab you set conditions for locking or wiping the device.

Maximum Duration of Inactivity Before Screen Lock The number of minutes of inactivity on the device before the screen becomes locked, forcing the user to re-enter their password to gain access.

A value of zero indicates that there is no limit.

Maximum Number of Failed Password Attempts Before Device Wipe The number of incorrect attempts to unlock the device that is allowed before the device automatically resets and is put in BitLocker recovery mode, which makes the data inaccessible but recoverable. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
Note: BitLocker must be enabled on the device for this setting to be enforced.