6 votesSamy supported this idea ·
An error occurred while saving the commentSamy commented
The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
This policy must be wrapped in an Atomic command.
This policy has different behaviors on the mobile device and desktop.
On a mobile device, when the user reaches the value set by this policy, then the device is wiped.
On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.