26.1 (L1) Ensure 'Device Password Enabled' is set to 'Enabled'

Information

This policy setting specifies whether device lock is enabled. When enabled, the following policy settings, which are included in the Device Lock section, take effect on the system:

- AllowSimpleDevicePassword
- MinDevicePasswordLength
- AlphanumericDevicePasswordRequired
- MaxDevicePasswordFailedAttempts
- MaxInactivityTimeDeviceLock
- MinDevicePasswordComplexCharacters

The recommended state for this setting is: Enabled

This policy setting allows for the configuration of settings such as those contained in the password and device lock policy.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled:

Device Lock\Device Password Enabled

Impact:

This setting is not supported if MDMWinsOverGP is enabled. MDMWinsOverGP is a setting that ensures MDM policies win over Active Directory Group Policies.

See Also

https://workbench.cisecurity.org/benchmarks/21767

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|16.10

Plugin: Windows

Control ID: 7bddf3735130a8815ee1bd0b007a8225db90f6037fb2925774f2dbf9ea36bc18