Enforce password history

DevicePasswordHistory

Level 1 (L1) Corporate/Enterprise Environment (general use)

1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' (Automated)

Specifies how many passwords can be stored in the history that can't be used.

The value includes the user's current password. This value denotes that with a setting of 1, the user can't reuse their current password when choosing a new password, while a setting of 5 means that a user can't set their new password to their current password or any of their previous four passwords.

Max policy value is the most restricted.

DeviceLock Policy CSP - Windows Client ManagementMicrosoftLearn

PreviousAccount Protection NextEnsure Maximum password age

Last updated 2 years ago