Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Samy

My feedback

  1. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
    Samy supported this idea  · 
  2. 7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Ideas » Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Samy commented  · 

    The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.

    Note:
    This policy must be wrapped in an Atomic command.

    This policy has different behaviors on the mobile device and desktop.

    On a mobile device, when the user reaches the value set by this policy, then the device is wiped.

    On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.

    Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.

    Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.

    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#devicelock-maxdevicepasswordfailedattempts

Feedback and Knowledge Base