Authentication (Desktop)
The Authentication configuration enables you to set minimum requirements for password-based user authentication on a device. You can apply this configuration when:
Complexity Requirements
Minimum Password Length | Select the minimum number of characters a password must have. |
Set Password Complexity | Enable to set complex passwords for local and Microsoft accounts. Select a password complexity criteria:
Local accounts support passwords containing Digits Only, Digits and Lowercase Letters and Digits Lowercase and Uppercase Letters. However, local accounts enforce passwords with Digits Lowercase and Uppercase Letters. Irrespective of the 3 profile options, the device exhibits the behavior of the Digits Lowercase and Uppercase Letters profile. See Policy CSP - Device Lock for more information. Microsoft accounts support passwords containing Digits Only and Digits and Lowercase Letters. Password profiles that are Digits Lowercase and Uppercase Letters are only supported when a user adds a Microsoft account to an existing local account. To
successfully assign the password complexity payload, restart the
device after the successful installation of the profile. The
installation status is under the
Configurations tab in the device detail
pop-up. Upon restart, users need to enter the existing password,
and then enter a new password that complies with the assigned
password complexity profile. Note: Password
complexity supports Windows 10 Version 1803 and
onwards. |
History
Password Expiry | Select this option to enable password expiry. |
Expire Password in | Enter the number of days before the password expires. |
Unique Password Before Reuse | Select this option to set the number of unique passwords before reusing an old one. |
Number of Unique Passwords Before Reuse | Enter the number of unique passwords before reusing an old password. |
Enforcement
You can set conditions for locking or wiping the device on the Enforcement tab.
Inactivity Before Screen Lock | Specify the number of minutes of inactivity on the device before
the screen becomes locked, forcing the user to reenter their
password to gain access. Note: A value of zero indicates that there
is no limit.
|
Failed Password Attempts | Set the limit of failed
attempts to unlock the device before it automatically resets and
enables BitLocker recovery mode. This makes the data inaccessible
but recoverable. When the user reaches the limit, the device
automatically reboots and shows the BitLocker recovery page. This
page prompts the user to use the BitLocker recovery key.
Important: You must enable BitLocker
on the device to enforce this setting. |
Windows Hello
Configure Windows Hello for Business | Note: This feature is supported on Windows 10 version 1903 and
later. Enable to set password complexity for Windows Hello
for Business.Select the following password complexity
criteria:
|
Use security keys for sign-in | Enable to set Windows Hello security key as a logon credential. |