2.20 Set 'Number of attempts allowed' to '10'

Information

Use this setting to restrict the number of failed logon attempts a user can make.

Rationale:

There is a high risk that mobile devices will be lost or stolen. Enforcing this setting reduces the likelihood that an unauthorized user can guess the password of a device to access data stored on it.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy -Identity Default -MaxPasswordFailedAttempts 10

See Also

https://workbench.cisecurity.org/files/1512

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: Windows

Control ID: 47d99214c8fce5c981f74d90de446879d815d9933942c91be45bfdef7afd7cf0