How to Set PIN Policies for Unified Messaging Users

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Topic Last Modified: 2007-07-27

This topic explains how to use the Exchange Management Console and the Exchange Management Shell to set PIN policies on a Unified Messaging (UM) mailbox policy. UM mailbox policies can be configured to increase the level of security for UM-enabled users by requiring users to comply with the predefined PIN policies for your organization.

To set PIN policies for UM users, you can either create a new UM mailbox policy or modify an existing UM mailbox policy. After a new UM mailbox policy is created, you can then configure the UM mailbox policy by configuring the following PIN settings:

  • MinPasswordLength

  • PINLifetime

  • LogonFailuresBeforePINReset

  • MaxLogonAttempts

  • AllowCommonPatterns

  • PINHistoryCount

For more information about how to configure UM PIN security, see Configuring PIN Security for UM-Enabled Users.

When you change a PIN policy on a UM mailbox policy, the change will affect all new users that are created and the users that are currently associated with the existing UM mailbox policy.

When you change the PIN policy, the new PIN setting is applied to users who are currently associated with the UM mailbox policy. For example, if you modify the UM mailbox policy and change the minimum PIN length from 7 to 10 digits, the next time users log on they will be forced to change their PIN to comply with the changed PIN requirement.

To perform this procedure, the account you use must be delegated the Exchange Recipient Administrator role.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Also, before you perform these procedures, confirm the following:

  • The existing Exchange recipient has an Exchange Server 2007 mailbox.

  • The existing Exchange recipient is currently enabled for UM.

  • A UM dial plan has been created.

  • A UM mailbox policy has been created.

  1. In the console tree of the Exchange Management Console, expand the Organization Configuration node, and then click Unified Messaging.

  2. In the work pane, click the UM Mailbox Policies tab.

  3. In the work pane, click the UM mailbox policy that you want to change. This is the UM mailbox policy that is associated to the UM-enabled user.

  4. In the action pane, click Properties.

  5. In the UM mailbox policy Properties window, click the PIN Policies tab.

  6. On the PIN Policies tab, configure the PIN settings for the UM mailbox policy, and then click OK to accept your changes.

  • Run the following command:

    Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -MinPasswordLength 8 -PINLifetime 30 -LogonFailuresBeforePINReset 3 -MaxLogonAttempts 7 -PINHistoryCount 10

For information about syntax and parameters, see Set-UMMailboxPolicy.

It is a security best practice to implement strong PIN requirements for Unified Messaging users. This can be enforced by creating Unified Messaging PIN policies that require 6 or more digits for PINs and increases the level of security for your network.