7.7 Ensure devices lock after a period of inactivity to prevent unauthorized access


You should require your users to configure their mobile devices to lock on inactivity.


Attackers can steal unlocked devices and access data and account information.


This setting has a low impact on users.


To set mobile device management policies, use the Microsoft 365 Admin Center:

1. Under Admin Centers, select Endpoint Management.

2. Select Devices and then, under Policy, select Configuration profiles.

3. Select Create profile.

4. Set a Name for the policy, choose the appropriate Platform, and select Device restrictions.

5. In the Password section, ensure that Maximum minutes of inactivity until screen lock is set to 5 and Maximum minutes after screen lock before password is required is set to Immediately.

Default Value:

Screen locking is not enabled by default.
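
The following audit check is an added example, not part of the original benchmark text. It reviews an exported list of iOS device restrictions profiles against the two values above and treats an unset value as a finding, since screen locking is not enabled by default. Assumptions: the export uses the Microsoft Graph iosGeneralDeviceConfiguration property names, "Immediately" is stored as 0, and the sample data is constructed.

```python
import json

# Limits from the recommendation: lock after 5 minutes, password required immediately.
MAX_SCREEN_LOCK_MINUTES = 5
MAX_GRACE_MINUTES = 0  # assumption: "Immediately" is exported as 0

# Assumption: names follow Microsoft Graph's iosGeneralDeviceConfiguration type.
IOS_TYPE = "#microsoft.graph.iosGeneralDeviceConfiguration"
CHECKS = (
    ("passcodeMinutesOfInactivityBeforeScreenTimeout", MAX_SCREEN_LOCK_MINUTES, "screen lock"),
    ("passcodeMinutesOfInactivityBeforeLock", MAX_GRACE_MINUTES, "password grace period"),
)

# Constructed sample export, not real tenant data.
SAMPLE_EXPORT = json.dumps({"value": [
    {"@odata.type": IOS_TYPE, "displayName": "iOS - compliant",
     "passcodeMinutesOfInactivityBeforeScreenTimeout": 5,
     "passcodeMinutesOfInactivityBeforeLock": 0},
    {"@odata.type": IOS_TYPE, "displayName": "iOS - too lenient",
     "passcodeMinutesOfInactivityBeforeScreenTimeout": 15,
     "passcodeMinutesOfInactivityBeforeLock": 5},
    {"@odata.type": IOS_TYPE, "displayName": "iOS - defaults",
     "passcodeMinutesOfInactivityBeforeScreenTimeout": None,
     "passcodeMinutesOfInactivityBeforeLock": None},
    {"@odata.type": "#microsoft.graph.iosCustomConfiguration",
     "displayName": "iOS - custom profile"},
]})


def audit_profiles(export_json):
    """Map each iOS device restrictions profile name to its list of findings."""
    results = {}
    for profile in json.loads(export_json).get("value", []):
        if profile.get("@odata.type") != IOS_TYPE:
            continue  # other profile types carry no screen-lock settings here
        findings = []
        for key, limit, label in CHECKS:
            value = profile.get(key)
            if value is None:
                findings.append(f"{label}: not configured")
            elif value > limit:
                findings.append(f"{label}: {value} min exceeds limit of {limit}")
        results[profile.get("displayName", "<unnamed>")] = findings
    return results


if __name__ == "__main__":
    for name, findings in audit_profiles(SAMPLE_EXPORT).items():
        print(name, "->", "OK" if not findings else "; ".join(findings))
```

A profile with an empty findings list meets the recommendation; other platforms use different property names and need their own entries in CHECKS.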
