Windows

: Password rules

Password required for device

Specify whether a user must set a device password.

Minimum OS version: 10.0

MDM controls

No

Allow simple password

Specify whether the device password can contain repeated or sequential characters, such as 1111 or 1234.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

Allow

Minimum password length

Specify the minimum number of characters that the device password must contain.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

4 characters

Password complexity

Specify the complexity of the device password. If set to "Alphanumeric," the password must contain both letters and numbers. If set to "Numeric," the password must contain only numbers.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

Numeric

Minimum number of character types

Specify the minimum number of character types that the device password must contain. If you select "1," the password requires numbers. If you select "2," the password also requires lowercase letters. If you select "3," the password also requires uppercase letters. If you select "4," the password also requires special characters. This rule does not apply to Windows 10 computers and tablets.

Depends on: Password complexity

Minimum OS version: 10.0

MDM controls

numbers required

Password expiration

Specify the maximum number of days that the device password can be used. After the specified number of days elapse, the password expires and a user must set a new password. If set to 0, the password does not expire.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

0 days

Password history

Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a device password.

If set to 0, the device does not check previous passwords.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

0 passwords

Maximum failed password attempts

Specify the number of times that a user can enter an incorrect password before a device is wiped.

If set to 0, the device is not wiped regardless of how many times the user enters an incorrect password. This rule does not apply to devices that allow multiple user accounts, including Windows 10 computers and tablets and Windows Mobile devices with Microsoft Passport.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

0 attempts

Maximum inactivity time lock

Specify the period of user inactivity that must elapse before a device locks.

If set to 0, the device does not lock automatically.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

0 minutes

Allow idle return without password

Specify whether a user must type the password when the idle grace period ends.

If this rule is selected, the user can set the password grace period timer. This rule does not apply to Windows 10 computers and tablets.

Depends on: Password required for device

Minimum OS version: 10.0

MDM controls

Allow

Allow use of biometric gestures

Enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business.

Depends on: Password required for device

Minimum OS version: 10.0.14393

MDM controls

Selected

Enable enhanced anti-spoofing for facial feature recognition

Enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication.

Depends on: Password required for device

Minimum OS version: 10.0.14393

MDM controls

Not selected