1. Home
  2. Windows
  3. Hexnode MDM Password Policy for Windows

Hexnode MDM Password Policy for Windows

Hexnode MDM enables you to enforce strong password on Windows device users, thereby preventing unauthorized access to the device.

Note


This feature is available on Enterprise, Ultimate, and Ultra subscription plans.


To configure password rule for the users and make the password mandatory on the devices,

  1. Login to your Hexnode MDM portal > Navigate to Policies tab > Click on New Policy to create a new one or click on any policy to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Navigate to Windows > Select Password > Click on Configure
  3. Configure Password settings.
    Password settings

    Password settings Supported OS Description
    Allow simple value
    PCs & Tablets Phones
    10
    8.1
    10
    Select this option to enable users to set simple passwords (without special characters or numbers) on their devices.
    Password type
    PCs & Tablets Phones
    10
    8.1
    10
    Select the type of password that the users can set on their Windows devices.

    Alphanumeric password: Enforce users to set an alphanumeric password.

    Numeric password: Enforce users to set a numeric password.

    Users can choose (default): Select this option to allow users to set a password according to their desire.

    Minimum password length
    PCs & Tablets Phones
    10
    8.1
    10
    Select the minimum number of characters required for the password.

    You can set any value in the range 4 – 16.

    Default value is 4 for mobiles and desktops.

    Note


    Local accounts will always enforce a minimum password length of 6.

    Minimum complex characters Select the minimum number of complex characters that the password should have.

    You can choose any value from,

    • Digits only (default)
    • Digits and lowercase letters
    • Digits, lowercase and uppercase letters
    • Digits, special characters, lowercase and uppercase letters
    Notes

    • Desktop local accounts enforce Digits, lowercase and uppercase letters, regardless of choice.
    • Desktop Microsoft accounts only supports either Digits only or Digits and lowercase letters.
    • Desktop Domain accounts are not supported.

    Maximum password age (in days)
    PCs & Tablets Phones
    10
    8.1
    10
    Select the maximum number of days before which the password needs to be changed.

    You can set any value in the range of 0 – 730 days.

    Note


    Passwords do not expire if the value is set as 0.

    Auto-lock (in minutes)
    PCs & Tablets Phones
    10
    8.1
    10
    Set the maximum duration of device inactivity after which the device gets locked automatically.

    You can set any value in the range of 0 – 999 minutes.

    Note

    • Devices will not be auto-locked if the value is set as 0.
    • Lumia 950 and 950XL auto-locks after 5 minutes, regardless of the value set by this policy.
    • You cannot disable the Auto-lock option on Windows 8.1 devices, as Never option is not present on them. However, on selecting 0 for Auto-lock from the Hexnode portal, the device gets locked only after 30 seconds, which is the lowest possible value shown on the Windows device lock settings screen.

    Hexnode MDM Password Policy for Windows - Auto lock time

    Hexnode MDM Password Policy for Windows - Incorrect password warning

    Hexnode MDM Password Policy for Windows - Incorrect password

    Password history
    PCs & Tablets Phones
    10
    8.1
    10
    Password history is set to block the users from reusing the password for a specified number of times.

    You can set any value in the range 0 – 50.

    Note


    Passwords do not expire if the value is set as 0.

    Failed attempt before wipe
    PCs & Tablets Phones
    10
    8.1
    10
    The number of wrong password attempts after which the device will be automatically reset to factory default settings and all user data (contacts, files, calendars, etc.) will be lost.

    You can set any value in the range 4 – 16 for desktops and 0 – 999 for mobile devices.

    Notes

    • Devices will not be wiped if the value is set as 0.
    • On mobile devices, the device is wiped when the user reaches the specified value.
    • On Windows 10 PCs and tablets, the policy would fail if BitLocker protection is not enabled on the devices. The device enters a recovery mode instead of being wiped. From here, you can restore the access to the device by using a 48-digit recovery code provided by the Organization.

  4. Finally, go to Policy Targets > + Add Devices > Select the required device(s) to which the policy needs to be associated > Click OK
  5. Click Save.
Notes

  • On Windows 10 devices, password configurations get enforced only during the next restart.
  • Once you disassociate the Password policy from the device(s), a pop up appears on the device screen showing that the device no longer requires a password.

  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment