Configure Password Policy for Windows Devices

Securing enterprise Windows 10 devices is a very important aspect of managing them. A quality password acts as first line of defense in protection against unattended access and stolen/lost devices.

Scalefusion helps you define a password policy, that can be applied to the devices thereby forcing the users to create a password that complies with your organizational policies. In this document, we will walkthrough on how to configure and publish a Password policy.

Before you Begin

1. Login into Scalefusion Dashboard
2. Have access to one Scalefusion managed Windows 10 devices.

Password Policy

Creating a Password Policy

1. Navigate to Device Profiles & Policies > Passcode Policy > Windows section.
2. Toggle on the Require Password setting.
3. Following are the options for Password complexity for Windows devices,

   Setting	Description	Known Behavior
   Require Password	Enable this setting if you want to enforce a password.
   Select Password Type	Currently the only type supported is Alphanumeric.
   Minimum Password Length	Select a minimum password length that is enforced.	Accepted values are between 4 to 16
   Choose Complexity Type	Select if you want the password to contain Digits or Digits & lower case letter.	Windows Enterprise enforces Digits & lower case letters in password irrespective of the selection.
   Select Password Expiry (in days)	Select an optimal period after which the password should expire and user is enforced to set a password.
   Maximum Password History List	Choose an optimal value on how often user can repeat the passwords once they expire.
   Set Idle Time for Auto Lock (in minutes)	Select an idle timeout after which the screen is auto-locked	Any change in this value, forces the user to reset the password again.
   Maximum Failed Attempts to Factory Reset	Select an optimal value after which the device will be factory reset or enter into BitLocker mode.	Currently unsupported by Scalefusion. Will be supported once BitLocker support is in.

4. Once you have configured the desired policy, click Save Policy.

Publishing a Password Policy

1. Once you have created a password policy, you can publish it to the Device Profiles. To do so, navigate to Device Profiles & Policies > Passcode Policy. Under Windows tab, click on Apply to Device.
2. Select the Device Profile(s) where you want to apply the policy to and click on SUBMIT.
3. Once the policy is applied and the devices sync with the Scalefusion dashboard, they will be forced to change the password the next time the device reboots or they Login to their account on device.
   It is observed that irrespective of the current password on the device, users are forced to create a new password, even if the complexity is less.

Removing a Password Policy

1. If you want to relax the password policy and want to remove a password policy from devices, then navigate to Device Profiles & Policies > Passcode Policy and click on Delete icon.
2. Select the Device Profile(s) where you want to remove the policy from and click SUBMIT.
3. Once you remove a password policy from a device profile, following are the actions taken,
   1. All the future devices that enroll into the device profile will not be enforced to create a password.
   2. For the current devices in the profile, Scalefusion does a best case effort to remove the password, however sometimes the password might not be removed.