How to Configure Device Password Locking

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure device password locking. You can require users to lock their devices by using a password. You can also enforce a variety of policy settings that guide the usage of device passwords. The settings that you can configure include the following:

  • Enforcing an alphanumeric password.

  • Enabling password recovery.

  • Requiring encryption on the mobile device.

  • Specifying a minimum password length.

  • Specifying a period of inactivity before you must reenter a device password. This is known as device password locking.

This topic explains how to configure the device password locking setting.

Before You Begin

To perform this procedure, the account you use must be delegated the Exchange Recipient Administrator role.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Also before you perform the following procedures, make sure that you have created an Exchange ActiveSync Mailbox policy. For information about how to create an Exchange ActiveSync Mailbox policy, see How to Create an Exchange ActiveSync Mailbox Policy.


To use the Exchange Management Console to configure device password locking

  1. In the console tree, expand Organization Configuration, and then click Client Access.

  2. In the work pane, right-click an existing mobile mailbox policy, and then click Properties.

  3. Click the Password tab.

  4. Click to select the Require password check box.

  5. Click to select the Time without user input before password must be entered (in seconds) check box.

  6. Enter the inactivity time-out value in seconds.

  7. Click OK.

To use the Exchange Management Shell to configure device password locking

  • Run the following command:

    Set-ActiveSyncMailboxPolicy -Identity "PolicyName" -DevicePasswordEnabled: $true -MaxInactivityTimeDeviceLock: 00:15:00

For more information about syntax and parameters, see Set-ActiveSyncMailboxPolicy.

For More Information

For more information about Exchange ActiveSync Mailbox policies, see Understanding Exchange ActiveSync Mailbox Policies.