Configure Device Password Locking

Applies to: Exchange Server 2010

You can use the EMC or the Shell to configure device password locking. You can require users to lock their mobile phones by using a password. You can also enforce a variety of policy settings that guide the usage of mobile phone passwords. The settings you can configure include the following:

  • Enforcing an alphanumeric password.
  • Enabling password recovery.
  • Requiring encryption on the mobile phone.
  • Specifying a minimum password length.
  • Specifying a period of inactivity before you must re-enter a password on a mobile phone. This is known as device password locking.

Looking for other management tasks related to managing mobile phones? Check out Managing Exchange ActiveSync Devices.

Prerequisites

An Exchange ActiveSync mailbox policy has been created. For detailed steps, see Create a New Exchange ActiveSync Mailbox Policy.

Use the EMC to configure device password locking

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync device settings" entry in the Client Access Permissions topic.

  1. In the console tree, navigate to Organization Configuration > Client Access.
  2. In the work pane, click the Exchange ActiveSync Mailbox Policies tab, select an existing mailbox policy, and then click Properties in the action pane.
  3. Click the Password tab.
  4. Select the Require password check box.
  5. Select the Time without user input before password must be entered (in minutes) check box.
  6. Enter the inactivity time-out value in minutes.
  7. Click OK.

Use the Shell to configure device password locking

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync device settings" entry in the Client Access Permissions topic.

This example configures the Exchange ActiveSync mailbox policy named Default for device password locking after 15 minutes.

Set-ActiveSyncMailboxPolicy -Identity "Default" -DevicePasswordEnabled: $true -MaxInactivityTimeDeviceLock: 00:15:00

For more information about syntax and parameters, see Set-ActiveSyncMailboxPolicy.

Other Tasks

After you configure device password locking, you may also want to: