# Lockout screen and password settings shall be configured for each device
## Description
Lockout screen timeouts should be configured for a certain number of minutes of activity for all device platforms. Password complexity requirements should be enforced and users should be prompted to change their password if it does not meet corporate requirements. In Intune, the location to configure these settings varies depending on the platform.
**Windows**: Security Baselines (Device Lock, Local Policies Security Options), Configuration Profiles (Device Restrictions: Password)
**macOS**: Compliance Policy (System Security)
**iOS**: Compliance Policy (System Security)
**Android**: Compliance Policy (System Security)
## Policy
* All supported devices have configuration settings defined/enforced for lockout screen timeouts and passwords
## Licensing Considerations
• Any tenant with Intune licensing can access this setting.
## Set-Up Instructions
Windows Security Baselines: [Create security baseline profiles in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/security-baselines-configure#create-the-profile)
1. Under Device Lock set the password requirements
2. Under Local Policies Security Options, Set the Minutes of lock screen inactivity until screen save activates policy
macOS Compliancy Policy: [macOS device compliance settings in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-mac-os)
1. Under System Security, modify the Password requirements and minutes of inactivity before password required
iOS Compliancy Policy: [iOS/iPadOS device compliance settings in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios)
1. Under System Security, modify the Password requirements and minutes of inactivity before password required
Android Compliancy Policy: [Android Enterprise compliance settings in Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work)
1. Under System Security, modify the Password requirements and minutes of inactivity before password required
## End-User Impact
{% hint style="info" %}
Level: Medium
{% endhint %}
End users who enroll devices into Intune after this policy is enforced may be prompted to update their password if the policy requirements are not met on the device.
{% hint style="info" %}
Tips
Make sure you don’t have conflicting policies between configuration profiles, security baselines, and compliance policies
{% endhint %}
## PowerShell Scripts
[powershell-intune-samples/CompliancePolicy at master · microsoftgraph/powershell-intune-samples (github.com)](https://github.com/microsoftgraph/powershell-intune-samples/tree/master/CompliancePolicy)
[powershell-intune-samples/DeviceConfiguration at master · microsoftgraph/powershell-intune-samples (github.com)](https://github.com/microsoftgraph/powershell-intune-samples/tree/master/DeviceConfiguration)
## Videos
{% embed url="" %}
{% embed url="" %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.tminus365.com/security/intune/lockout-screen-and-password-settings-shall-be-configured-for-each-device.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.