Information
This policy setting is used to specify a minimum password length for the device.
Rationale:
Types of password attacks include dictionary attacks that use common words and phrases, and brute force attacks that use character combinations. Attackers also sometimes try to obtain an account database so they can use tools to discover accounts and passwords.
Impact:
None - This is the default behavior.
Note: This is a mobile device management setting. Use caution when applying these settings as they could have adverse effects depending on the environment, and internal policies around bring your own device (BYOD). These policies could affect a user's BYOD.
Solution
To implement the recommended state, execute the following PowerShell cmdlet:
Set-MobileDeviceMailboxPolicy 'Profile' -MinPasswordLength 4
OR
Perform the following actions:
Launch the EAC (Exchange Administrative Center).
Go to 'Mobile' on the left and click on the 'Mobile device mailbox policies' tab.
Double-click the policy you wish to modify and go to the 'Security' settings.
Ensure the Minimum password length box is checked and change the value to 4 and click Save
Default Value:
4