Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
SOTI MobiControl Console Reference
Profiles
Windows Modern Profiles
Profile Configurations
Authentication (Desktop)

Welcome to SOTI MobiControl 2024.1 Help
SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
What's New in SOTI MobiControl
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
SOTI Cloud Link
Glossary
Notices

Authentication (Desktop)

The Authentication configuration enables you to set minimum requirements for password-based user authentication on a device. You can apply this configuration when:

Complexity Requirements


Minimum Password Length	Select the minimum number of characters a password must have.
Set Password Complexity	Enable to set complex passwords for local and Microsoft accounts. Select a password complexity criteria: Digits Only: The profile supports any password that has a minimum of one digit. Digits and Lowercase Letters: The profile supports any password that has a minimum of one digit and one lowercase letter. Digits Lowercase and Uppercase Letters: The profile supports any password that has a minimum of one digit, one lowercase letter, and one uppercase letter. Note: A special character is an uppercase value. Local accounts support passwords containing Digits Only, Digits and Lowercase Letters and Digits Lowercase and Uppercase Letters. However, local accounts enforce passwords with Digits Lowercase and Uppercase Letters. Irrespective of the 3 profile options, the device exhibits the behavior of the Digits Lowercase and Uppercase Letters profile. See Policy CSP - Device Lock for more information. Microsoft accounts support passwords containing Digits Only and Digits and Lowercase Letters. Password profiles that are Digits Lowercase and Uppercase Letters are only supported when a user adds a Microsoft account to an existing local account. To successfully assign the password complexity payload, restart the device after the successful installation of the profile. The installation status is under the Configurations tab in the device detail pop-up. Upon restart, users need to enter the existing password, and then enter a new password that complies with the assigned password complexity profile. Note: Password complexity supports Windows 10 Version 1803 and onwards.

History


Password Expiry	Select this option to enable password expiry.
Expire Password in	Enter the number of days before the password expires.
Unique Password Before Reuse	Select this option to set the number of unique passwords before reusing an old one.
Number of Unique Passwords Before Reuse	Enter the number of unique passwords before reusing an old password.

Enforcement

You can set conditions for locking or wiping the device on the Enforcement tab.


Inactivity Before Screen Lock	Specify the number of minutes of inactivity on the device before the screen becomes locked, forcing the user to reenter their password to gain access. Note: A value of zero indicates that there is no limit.
Failed Password Attempts	Set the limit of failed attempts to unlock the device before it automatically resets and enables BitLocker recovery mode. This makes the data inaccessible but recoverable. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user to use the BitLocker recovery key. Important: You must enable BitLocker on the device to enforce this setting.

Windows Hello


Configure Windows Hello for Business	Note: This feature is supported on Windows 10 version 1903 and later. Enable to set password complexity for Windows Hello for Business. Select the following password complexity criteria: Minimum PIN length: Enter the minimum PIN length between 4 and 127. Maximum PIN length: Enter the maximum PIN length between 4 and 127. Lowercase letters in PIN: From the list, select the option to allow or disallow lowercase characters in the PIN. If you select Required, then the PIN must include at least one lowercase character. Uppercase letters in PIN: From the list, select the option to allow or disallow uppercase characters in the PIN. If you select Required, then the PIN must include at least one uppercase character. Special characters in PIN: From the list, select the option to allow or disallow special characters in the PIN. If you select Required, then the PIN must include at least one special character. Digits in PIN: From the list, select the option to allow or disallow numbers in the PIN. If you select Required, then the PIN must include at least one numeric. PIN expiration (days): Configure this setting to set the number of days till a PIN expires. Set PIN expiration: Enter a value to set the number of days. Remember PIN history: Configure this setting to restrict PIN reuse. Set Remember PIN history: Enter a value to set the number of PINs. Enable PIN recovery: Enable to allow users to store, recover, and change the PIN. Use a Trusted Platform Module (TPM): Enable to allow devices with a usable TPM to provide Windows Hello for Business. Allow biometric authentication: Enable to authenticate use of facial and fingerprint recognition. Users must configure a PIN in case of failure. Certificate for on-premise resources: Enable to use certificates to authenticate on-premise resources.
Use security keys for sign-in	Enable to set Windows Hello security key as a logon credential.