In the ever-evolving landscape of cybersecurity, safeguarding sensitive data and devices is paramount. As organizations embrace mobility and remote work, the need to fortify defenses against potential threats on mobile devices becomes increasingly critical. Microsoft Defender Secure Score provides actionable insights to enhance security posture, and one such recommended action is to ensure that mobile devices require the use of a password. In this blog post, we highlight the significance of this recommendation and its implementation.

 

Note: The “Recommended action” remediations are those identified in the Microsoft 365 admin center portal (https://portal.microsoft.com) under Security \ Secure score \ Recommended actions, in a pristine baseline environment.

| Rank | Recommended action |
| --- | --- |
| 62 | Ensure mobile devices require the use of a password |

Microsoft Security Score

Before Mitigation:

 

After Mitigation:

Secure Score Improvement: +0.22%

General

Description

You should require your users to use a password to unlock their mobile devices.

Devices without this protection are vulnerable to being accessed physically by attackers who can then steal account credentials, data, or install malware on the device.

Note: Windows OS up to version 8.1 and Android OS are not relevant to this recommendation and are not counted toward compliance.

User impact

This change will require users to provide a password to unlock their mobile device after the timeout period expires.

Implementation status

Mobile devices to have a password configuration is: false

Implementation

Prerequisites

You have Microsoft Defender for Cloud Apps.

Next steps

To set mobile device management profiles, use the Microsoft Intune admin center:

  1. Select Devices, then under Policy select Configuration profiles.
  2. If there are no policies, select Create Policy.
    1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
    2. Click on the new policy name.
    3. Under Configuration settings click Edit.
    4. In the Password section, ensure that Password is set to Require.
  3. If there are existing policies, for each policy:
    1. Select the policy by clicking on it.
    2. Select Edit next to Configuration settings.
    3. In the Password section, ensure that Password is set to Require.
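
To check the existing-policy branch of these steps in bulk instead of opening each profile, the following added example (not from the original post or from Microsoft) audits a JSON listing of Intune device configuration profiles, in the shape returned by the Microsoft Graph `deviceManagement/deviceConfigurations` endpoint, for the password requirement. The type-to-property mapping, the out-of-scope prefixes and the sample profiles are assumptions constructed for this example.

```python
import json

# Graph @odata.type -> property that backs the "Password: Require" setting.
# Assumed mapping for this example, taken from the Graph device-restriction resource types.
PASSWORD_FIELD = {
    "#microsoft.graph.iosGeneralDeviceConfiguration": "passcodeRequired",
    "#microsoft.graph.macOSGeneralDeviceConfiguration": "passwordRequired",
    "#microsoft.graph.windows10GeneralConfiguration": "passwordRequired",
}
# Per the note on this page, Android and Windows up to 8.1 are not counted.
OUT_OF_SCOPE = ("android", "windows81", "windowsPhone81")

def audit(export_json):
    """Return a (profile name, verdict) pair for every profile in the listing."""
    results = []
    for profile in json.loads(export_json).get("value", []):
        odata_type = profile.get("@odata.type", "")
        short = odata_type.rsplit(".", 1)[-1]
        name = profile.get("displayName", "<unnamed>")
        if short.startswith(OUT_OF_SCOPE):
            verdict = "not-counted"
        elif odata_type not in PASSWORD_FIELD:
            verdict = "no-password-setting"
        # Missing or null means "Not configured": only an explicit true passes.
        elif profile.get(PASSWORD_FIELD[odata_type]) is True:
            verdict = "ok"
        else:
            verdict = "password-not-required"
        results.append((name, verdict))
    return results

def failing(export_json):
    """Names of in-scope device-restriction profiles that need the Password fix."""
    return [n for n, v in audit(export_json) if v == "password-not-required"]

# Constructed sample listing (not real tenant data).
SAMPLE = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.iosGeneralDeviceConfiguration", "displayName": "iOS baseline", "passcodeRequired": True},
    {"@odata.type": "#microsoft.graph.windows10GeneralConfiguration", "displayName": "Win10 kiosk", "passwordRequired": False},
    {"@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration", "displayName": "macOS fleet", "passwordRequired": None},
    {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration", "displayName": "Android legacy", "passwordRequired": False},
    {"@odata.type": "#microsoft.graph.iosWiFiConfiguration", "displayName": "Office Wi-Fi"},
]})

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{verdict:24} {name}")
```

Profiles reported as `password-not-required` are the ones to open in the Intune admin center and set Password to Require.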

Learn more

Create device profiles in Microsoft Intune | Microsoft Learn