Exchange Best Practices: PIN/Passcode Requirements for Mobile Devices

On-premises Exchange Server and Exchange Online have a default mobile device mailbox policy that does not require passwords on mobile devices.


Furthermore, simple passwords such as “1234” are also allowed.

It is recommended to enforce a PIN or password on mobile devices that connect to your Exchange mailboxes. In addition to enforcing a password, you should consider requiring a level of password complexity (e.g. increased length, use of alphanumeric characters) to reduce the likelihood of a PIN or password being guessed by brute force, while balancing the need for security with the need to keep end users happy.

Note that you can assign different mobile device mailbox policies to different users in your organization. Often there is a request to relax security features for VIP users, such as executives; however, those people are often the ones who should be protected by stronger password requirements. Other candidates for stronger password requirements are those who have access to sensitive information, and those who can approve financial transactions.
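The recommendations above can be applied with the Exchange mobile device mailbox policy cmdlets. The following is an added example, not part of the original article: it audits existing policies, tightens the default, and assigns a stricter policy to a higher-risk group. The policy name `High-Risk Users`, the group `Finance Approvers` and the numeric thresholds are assumptions chosen for illustration.

```powershell
# Run in the Exchange Management Shell or an Exchange Online PowerShell session.
# Policy name, group name and thresholds are illustrative assumptions.

# 1. Audit: find policies that require no password or still allow simple PINs such as "1234".
Get-MobileDeviceMailboxPolicy |
    Where-Object { -not $_.PasswordEnabled -or $_.AllowSimplePassword } |
    Format-Table Name, IsDefault, PasswordEnabled, AllowSimplePassword, MinPasswordLength -AutoSize

# 2. Baseline: require a non-simple PIN on the default policy and cap failed attempts.
$default = Get-MobileDeviceMailboxPolicy | Where-Object { $_.IsDefault }
Set-MobileDeviceMailboxPolicy -Identity $default.Identity `
    -PasswordEnabled $true `
    -AllowSimplePassword $false `
    -MinPasswordLength 6 `
    -MaxPasswordFailedAttempts 10

# 3. Stricter policy for executives, financial approvers and other high-risk users.
$strictName = 'High-Risk Users'   # hypothetical policy name
if (-not (Get-MobileDeviceMailboxPolicy -Identity $strictName -ErrorAction SilentlyContinue)) {
    New-MobileDeviceMailboxPolicy -Name $strictName `
        -PasswordEnabled $true `
        -AllowSimplePassword $false `
        -AlphanumericPasswordRequired $true `
        -MinPasswordLength 8 `
        -MaxPasswordFailedAttempts 8
}

# 4. Assign the stricter policy to every mailbox in the group (hypothetical group name).
Get-DistributionGroupMember -Identity 'Finance Approvers' -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.PrimarySmtpAddress -ActiveSyncMailboxPolicy $strictName
    }

# 5. Verify: count mailboxes per assigned policy.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object ActiveSyncMailboxPolicy |
    Select-Object Name, Count
```

Mailboxes with no explicit assignment receive whichever policy is marked as default, so step 2 covers everyone not handled in step 4.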

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.