Skip to content

Password policies configuration (Windows policy)

With the Password policies configuration you define requirements for the passwords of Windows user accounts.


Password complexity rules (for example length, number of uppercase and lowercase letters) for Windows computers are fixed and cannot be set by a Sophos Mobile policy.

For details, see Windows password complexity rules.


Password policies can’t be assigned to Windows computers if the following conditions are both met:

  • There are other local users configured on the device in addition to the user that is enrolled with Sophos Mobile.
  • One or more of these other users are not allowed to change their password.
Setting Description
Maximum number of failed attempts

The number of authentication attempts allowed.

When users reach this number, the device restarts, and the user must enter the BitLocker recovery key.

Enter 0 for no restriction.

Time in minutes until the device is locked

The time period (in minutes) after which the device is locked if it has not been used. The user can unlock the device.

Enter 0 for no restriction.

Password history

The number of previously used passwords Sophos Mobile stores.

When the user sets a new password, it mustn’t match a password that was already used.

Maximum password age in days

The number of days after which users must change their password.

Enter 0 for no restriction.