2.20 Set 'Number of attempts allowed' to '10'

Information

Use this setting to restrict the number of failed logon attempts a user can make.

Rationale:

There is a high risk that mobile devices will be lost or stolen. Enforcing this setting reduces the likelihood that an unauthorized user can guess the password of a device to access data stored on it.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy -Identity Default -MaxPasswordFailedAttempts 10

See Also

https://workbench.cisecurity.org/files/1514

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: Windows

Control ID: a7c5528c04ba71c68eab43abd47ef2cb9074b38568e745fd3a380c8e9608bade