2.6 Set 'Allow simple passwords' to 'False'

Information

You can configure this setting to require strong passwords to unlock mobile devices before they can connect via ActiveSync to an Exchange server.

Rationale:

Allowing simple passwords can make it easier for an attacker to correctly guess them.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy <Profile> -AllowSimplePassword $false

See Also

https://workbench.cisecurity.org/files/1514

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: Windows

Control ID: 4b4cbf099962dcec515f66cafe7e310cf859bb69a20c38b929f5e616c02fd199