We can set some configurations to identify simple passwords in the organization, but first, let’s see what can happen with simple or weak passwords in the organization:
- Data Breaches: Weak passwords will welcome vulnerability which leads to data breaches. Attackers can gain access to sensitive information about the organization.
- Account Takeovers: Simple passwords make it easier for hackers to take over your account and they can manipulate data, steal important information, and many more.
- Lack of Security: using the same password for multiple logins can lead to compromising your account once.
How to identify
We will configure the Intune compliance policy for weak passwords. From this compliance policy, non-compliant users can be found easily and educated to configure complex passwords.
- Go to the Intune Portal
- Click on Device and go to Windows
- Click on Compliance and create a New Policy
- Select the platform and click on create
- Provide a Name and Description as per your standard guideline.
- Click Next.
- In Compliance Setting, open the tree of System security and make the following changes:
- Enable “Require a password to unlock mobile devices”
- Simple password – “Block”
- Password type – “AlphaNumeric”
- Password complexity – “Require digits, lowercase, uppercase and special character”
- Minimum password length – 12
- “Maximum minutes of inactivity before password is required” should be 1 min
- Password expiration days = 30 days
- “Number of previous passwords to prevent reuse” should be 5
- “Require a password when the device returns from the idle state (Mobile and Holographic)” set to required
-
- In the encryption section, “Required encryption of data storage on device” is required
- In device security, Firewall, TPM (Trusted Platform Module), and Antivirus set to the required
-
- If you are planning to use Defender as your Virus protection system then, set the required to antimalware, definition update and real-time
- Now click on Next and set the action for non-compliant devices, by default, the action is set to mark the device as non-compliant immediately, but if you would like to configure sending an email, other options you can explore. For email, you need to create an email template before you start the configuration.
- On the next screen add an assignment to all devices or a particular group of devices.
- Then review the config and save.
Monitor
- Go to compliance policy and you can check the number how many devices that are compliant
Check out more about Intune & I have a specific section for Windows troubleshooting I hope you will like to explore.
Always check the Microsoft Learn website for new study programmes.