Configure Password Policy Profile (Windows)


Password Policy allows admins to configure device lock policies on the enrolled devices.

To create a device lock policy and deploy it to the enrolled device(s), follow these steps:

1.  Navigate to SureMDM web console > Profiles > Windows > Add > Password Policy > Configure.

2.  Enter a Profile Name.

3.  In the Device Password Policy section, enter the following details:

Settings

Description

Device Lock

Use this option to enable device lock-related features.

Windows Device Type 

  • All - Supports all Windows device types 
  • Desktop - Supports all Windows 10 desktop devices 

Features Supported

Windows Device Types

All

Desktop

Minimum Password Quality

Select a PIN type from the following:

  • Simple
  • Alphanumeric
  • Numeric 
  • Any

--

Minimum Device Password Complex Characters

Select the complex characters required for a strong PIN or password from the following options:

  • Digits Only
  • Digits and lowercase letters are required
  • Digits, lowercase letters and uppercase letters are required
  • Digits, lowercase letters, uppercase letters, and special characters are required 

--

Minimum Password Length

Minimum password length required on the devices.

Maximum Password Failed Attempts

Number of failed password attempts allowed before the device is wiped.

Password Expiration (In Days) 

Maximum number of days a password remains active before it expires.

Password History

Number of previously created passwords that cannot be selected again.

Maximum Inactivity Time To Device Lock (In Minutes)

Period of inactivity before the device screen locks automatically.

Require Password when Device Returns From Idle State

Force the user to input the password every time the device returns from the idle state.

Note: This feature is supported only on Windows mobile and holographic devices.

Block Automatic Encryption During AADJ

Restrict automatic device encryption during first use when the device is Azure AD Joined (AADJ).

Note: This feature is supported only when the device is enrolled through Windows OOBE / Windows Autopilot.

Allow Federal Information Processing Standard (FIPS) Policy 

Allow the Federal Information Processing Standard (FIPS) policy.

Note: This feature is supported only when the device is enrolled through Windows OOBE / Windows Autopilot.

Allow Windows Hello Device Authentication

Allow the use of Windows Hello for device authentication.

Note: This feature is supported only when the device is enrolled through Windows OOBE / Windows Autopilot.

Preferred Azure AD Tenant Domain

Enter the Azure AD tenant domain name. The user can sign in without typing the domain name.

Note: This feature is supported only when the device is enrolled through Windows OOBE / Windows Autopilot.

Note:

1. Password Policy does not work for domain-joined devices.

2. The password must contain alphanumeric and special characters. 

      The newly created profile will be listed in the Profiles section.

4.  Go back to the Home tab and select the Windows device(s) or group(s).

5.  Click Apply to launch the Apply Job To Device prompt.

6.  In the Apply Job To Device prompt, select the created profile and click Apply.
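To confirm on an enrolled device that the profile took effect, the following added example (not part of the SureMDM documentation) compares the MDM-delivered device lock values with the values entered in the profile. It assumes the profile is delivered through the Windows Policy CSP DeviceLock area, which this page does not state; the baseline numbers are constructed sample values and `Compare-DeviceLockPolicy` is a hypothetical helper name.

```powershell
# Added example: run in an elevated PowerShell session on the enrolled device.
# Assumption: the profile is applied through the Windows Policy CSP "DeviceLock"
# area, whose applied values Windows records under this registry key.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\DeviceLock'

# Constructed sample baseline: replace with the values entered in the profile.
$expected = [ordered]@{
    MinDevicePasswordLength            = 8    # Minimum Password Length
    MinDevicePasswordComplexCharacters = 4    # digits, lower, upper and special
    MaxDevicePasswordFailedAttempts    = 10   # Maximum Password Failed Attempts
    DevicePasswordExpiration           = 90   # Password Expiration (In Days)
    DevicePasswordHistory              = 5    # Password History
    MaxInactivityTimeDeviceLock        = 5    # Inactivity time to lock (minutes)
}

function Compare-DeviceLockPolicy {
    param(
        [string]$Path,
        [System.Collections.IDictionary]$Expected
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No DeviceLock policy values found at $Path; the profile has not been applied."
        return
    }

    $applied = Get-ItemProperty -LiteralPath $Path
    foreach ($name in $Expected.Keys) {
        # A missing value means the setting was never delivered to this device.
        $actual = $applied.PSObject.Properties[$name].Value
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Applied  = if ($null -eq $actual) { '<not set>' } else { $actual }
            Match    = ($null -ne $actual) -and ([int]$actual -eq [int]$Expected[$name])
        }
    }
}

Compare-DeviceLockPolicy -Path $policyPath -Expected $expected |
    Format-Table -AutoSize
```

Any row with `Match` set to `False` identifies a setting that did not reach the device or that differs from the profile.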