Set 'Account lockout threshold' to 1-10 invalid login attempts

In the security baseline for Windows 10 and later I have configured the Device Lock part. Number of sign-in failures before wiping device = 10 I have also this set on the Device Restriction poli...

Intune

JimmyWork
May 12, 2022
Received the following from MS support.
(I have reported them as inaccurate recommendations)

We can confirm that the configuration options at the moment are not available to set from Intune. This looks like an invalid recommendation originating from Microsoft Defender for Endpoint.

Right now in Intune, the ones below are the settings most similar to the account lockout threshold policy (screenshots with descriptions):

Device configuration profiles (Win 10) > Templates > Administrative templates > Computer Configuration > System > Trusted Platform Module Services
Standard User Individual Lockout Threshold
Standard User Total Lockout Threshold

DiogoSousa

Iron Contributor

Jul 26, 2023

Did anyone got through this?
Still having some security recommendations that I cannot get rid of because Exposure Score recommendations is looking for GPOs to be in-place...
Set 'Account lockout duration' to 15 minutes or more
Set 'Reset account lockout counter after' to 15 minutes or more
Set 'Minimum password length' to '14 or more characters'
Set 'Enforce password history' to '24 or more password(s)'
Set 'Minimum password age' to '1 or more day(s)'

JimmyWork

Iron Contributor

Jul 26, 2023

No I can go back and check on a cloud only enviroment to see if it's still recommended there to. But I left it as my policies are correct.

DiogoSousa
Iron Contributor
Jul 26, 2023
Thanks JimmyWork
Yep...It still shows up in a cloud only environment.
Just reported all that recommendations has "inaccurate".

Forum Discussion

Set 'Account lockout threshold' to 1-10 invalid login attempts

Resources