Configure Password Policy for Windows Devices
  • 13 Aug 2024
  • 2 Minutes to read
  • PDF

Configure Password Policy for Windows Devices

  • PDF

Article summary

Securing enterprise Windows 10 devices is a very important aspect of managing them. A quality password acts as first line of defense in protection against unattended access and stolen/lost devices.

Scalefusion helps you define a password policy, that can be applied to the devices thereby forcing the users to create a password that complies with your organizational policies. In this document, we will walkthrough on how to configure and publish a Password policy.

Before you Begin

  1. Login into Scalefusion Dashboard
  2. Have access to one Scalefusion managed Windows 10 devices.
Password Policy does not apply to Azure AD (domain joined) enrolled devices.

Password Policy

Creating a Password Policy

  1. Navigate to Device Profiles & Policies > Passcode Policy > Windows section.
  2. Toggle on the Require Password setting.
  3. Following are the options for Password complexity for Windows devices,

    Setting

    Description

    Known Behavior

    Require Password

    Enable this setting if you want to enforce a password.


    Select Password Type

    Currently the only type supported is Alphanumeric.


    Minimum Password Length

    Select a minimum password length that is enforced.

    Accepted values are between 4 to 16

    Choose Complexity Type

    Select if you want the password to contain Digits or Digits & lower case letter.

    Windows Enterprise enforces Digits & lower case letters in password
    irrespective of the selection.

    Select Password Expiry (in days)

    Select an optimal period after which the password should expire and user is enforced to set a password. The options are:

    1. In a Week
    2. In a Month
    3. 42 days

    The maximum you can keep the password for is 42 days as Microsoft does not allow to keep same password for more than 42 days.



    Maximum Password History List

    Choose an optimal value on how often user can repeat the passwords once they expire.


    Set Idle Time for Auto Lock (in minutes)

    Select an idle timeout after which the screen is auto-locked

    Any change in this value, forces the user to reset the password again.

    Maximum Failed Attempts to Factory Reset

    Select an optimal value after which the device will be factory reset or enter into BitLocker mode.

    Currently unsupported by Scalefusion. Will be supported once BitLocker support is in.

  4. Once you have configured the desired policy, click Save Policy.

Publishing a Password Policy

  1. Once you have created a password policy, you can publish it to the Device Profiles. To do so, navigate to Device Profiles & Policies > Passcode Policy. Under Windows tab, click on Apply to Device.
  2. Select the Device Profile(s) where you want to apply the policy to and click on SUBMIT.
  3. Once the policy is applied and the devices sync with the Scalefusion dashboard, they will be forced to change the password the next time the device reboots or they Login to their account on device.
    It is observed that irrespective of the current password on the device, users are forced to create a new password, even if the complexity is less.

Removing a Password Policy

  1. If you want to relax the password policy and want to remove a password policy from devices, then navigate to Device Profiles & Policies > Passcode Policy and click on Delete icon.
  2. Select the Device Profile(s) where you want to remove the policy from and click SUBMIT.
  3. Once you remove a password policy from a device profile, following are the actions taken,
    1. All the future devices that enroll into the device profile will not be enforced to create a password.
    2. For the current devices in the profile, Scalefusion does a best case effort to remove the password, however sometimes the password might not be removed.

Was this article helpful?