Information
You should require your users to use a minimum password length of at least six characters to unlock their mobile devices.
Rationale:
Devices without this protection are vulnerable to physical access by attackers, who can then steal account credentials or data, or install malware on the device.
Impact:
This change has potentially high user impact depending on the willingness and awareness of the end-user.
Solution
To set mobile device management profiles, use the Microsoft 365 Admin Center:
1. Under Admin Centers, select Endpoint Management.
2. Select Devices and then, under Policy, select Configuration profiles.
3. Select Create profile.
4. Set a Name for the policy, choose the appropriate Platform, and select Device restrictions.
5. In the Password section, ensure that Minimum password length is set to 6.
Default Value:
Minimum password lengths are not enforced by default.
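To audit the setting from the Solution steps across many profiles, the following added example (not part of the original benchmark text) checks a JSON export of device configuration profiles for the minimum length of 6. It assumes the export follows the Microsoft Graph deviceManagement/deviceConfigurations layout; the profile names and values in the sample are constructed.

```python
import json

REQUIRED_MIN = 6  # value from the Solution steps above

# Property holding the minimum length, per Graph device-restriction profile type.
LENGTH_FIELD = {
    "#microsoft.graph.iosGeneralDeviceConfiguration": "passcodeMinimumLength",
    "#microsoft.graph.androidGeneralDeviceConfiguration": "passwordMinimumLength",
    "#microsoft.graph.windows10GeneralConfiguration": "passwordMinimumLength",
}

# Constructed sample shaped like a deviceManagement/deviceConfigurations export.
SAMPLE_EXPORT = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.iosGeneralDeviceConfiguration",
     "displayName": "iOS baseline", "passcodeMinimumLength": 6},
    {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
     "displayName": "Android legacy", "passwordMinimumLength": 4},
    {"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
     "displayName": "Windows kiosk", "passwordMinimumLength": None},
    {"@odata.type": "#microsoft.graph.iosCustomConfiguration",
     "displayName": "Wi-Fi payload"},
]})


def audit_profiles(export_json, required=REQUIRED_MIN):
    """Return (displayName, status, configured_length) per device-restriction profile."""
    results = []
    for profile in json.loads(export_json).get("value", []):
        field = LENGTH_FIELD.get(profile.get("@odata.type"))
        if field is None:
            continue  # not a device-restriction profile; no password setting to check
        length = profile.get(field)
        if length is None:
            status = "NOT_ENFORCED"  # same state as the default: no minimum set
        elif length < required:
            status = "TOO_SHORT"
        else:
            status = "PASS"
        results.append((profile.get("displayName", "<unnamed>"), status, length))
    return results


def failing_profiles(export_json, required=REQUIRED_MIN):
    """Profiles that still need the Minimum password length setting corrected."""
    return [r for r in audit_profiles(export_json, required) if r[1] != "PASS"]


if __name__ == "__main__":
    for name, status, length in audit_profiles(SAMPLE_EXPORT):
        print(f"{status:13} {name} (minimum length: {length})")
```

A profile reported as NOT_ENFORCED has no minimum configured, which is the default state described above.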