2.20 Set 'Number of attempts allowed' to '10'

Information

Use this setting to restrict the number of failed logon attempts a user can make.

Rationale:

There is a high risk that mobile devices will be lost or stolen. Enforcing this setting reduces the likelihood that an unauthorized user can guess the password of a device to access data stored on it.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy -Identity Default -MaxPasswordFailedAttempts 10

See Also

https://workbench.cisecurity.org/files/1512

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: Windows

Control ID: 665a05f61b5e61ca5546b20bc5bf4d7e9b925fd112c11656889bb28251dbe704