Forum Discussion
Set 'Account lockout threshold' to 1-10 invalid login attempts
Received the following from MS support.
(I have reported them as inaccurate recommendations)We can confirm that the configuration options at the moment are not available to set from Intune. This looks like an invalid recommendation originating from Microsoft Defender for Endpoint.
Right now in Intune, the ones below are the settings most similar to the account lockout threshold policy (screenshots with descriptions):
Device configuration profiles (Win 10) > Templates > Administrative templates > Computer Configuration > System > Trusted Platform Module Services
- Standard User Individual Lockout Threshold
- Standard User Total Lockout Threshold
Did you check the security center? Will this apply to that settings because security center is pointing on other settings.
Device lock is it in the security baseline or where did you find this? Just to be clear the setting will not hit the correct configuration. Device lock will not set lockoutthreshold that Secure Score recommends.
Just checked and we always had Device Lock set and this was why I reported it to MS
- Did anyone got through this?
Still having some security recommendations that I cannot get rid of because Exposure Score recommendations is looking for GPOs to be in-place...
Set 'Account lockout duration' to 15 minutes or more
Set 'Reset account lockout counter after' to 15 minutes or more
Set 'Minimum password length' to '14 or more characters'
Set 'Enforce password history' to '24 or more password(s)'
Set 'Minimum password age' to '1 or more day(s)'- No I can go back and check on a cloud only enviroment to see if it's still recommended there to. But I left it as my policies are correct.
- Thanks JimmyWork
Yep...It still shows up in a cloud only environment.
Just reported all that recommendations has "inaccurate".
