none
Ex2010 ActiveSync and iOS Alphanumeric password enforcement

    Pregunta

  • Has anyone had any luck specifying a password combination of say 8, with letters and numbers (no specials chars)?

    It seems that the iOS devices misinterpret (or perhaps Exchange wording is bad) the Require alphanumeric password - minimum number of character sets.

    We need just numbers and letters, but if you set the above option, the device asks for numbers/letters and a number of special characters (the number you put in the character set box).

    Also, does anyone have a opinion of reducing the complexity of a passcode, but also decreasing the number of attempts before wipe and a low passcode timeout.

    Passcode 4 digits, timeout immediate, wipe after 6
    vs
    Passcode 8 simple, timeout 2min, wipe after 6
    vs
    Passcode 8 complex, timeout  5min, wipe after 8.

    Thanks.

    martes, 29 de marzo de 2011 5:36

Todas las respuestas

  • So, iOS still ask for characters even though the “Require alphanumeric password” option hasn’t been selected, right?

    How about other mobile devices? Please check if the issue still appears by using windows mobile emulator

    As security is the priority, I will go to option 3, and wipe after 4

    Passcode 8 complex, timeout  5min, wipe after 8

    James Luo

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    miércoles, 30 de marzo de 2011 3:19
  • This is how it is setup:

    ActiveSync Profile settings in EMC:

    Require alphanumeric password: Checked
           - minimum number of character sets: 2

    The same profile in the shell:

    AlphanumericDevicePasswordRequired = True
    MinDevicePasswordComplexCharacters = 2


    Observations:

    An iOS device interprets the policy as the shell setting is worded - passcode must contain 2 complex characters.
    A Windows Mobile 6.5 device interprets the policy as worded in the EMC - password must contain 2 character types (numbers and leters).

    So it looks like the problem is at all ends - the Exchange server is inconsistant with itself, the Windows Mobile 6.5 honors the wording in the console, but not the shell, and the iOS device honors the wording in the shell not the console.

    If the alphanumeric option is not checked both devices let you have a passcode of a single character type.

    miércoles, 30 de marzo de 2011 4:41
  • Quote: “the Windows Mobile 6.5 honors the wording in the console, but not the shell, and the iOS device honors the wording in the shell not the console”

    Doesn’t the console and shell modify the same settings? What would happen to Windows Mobile if you change the settings via EMS instead EMC, it won’t apply the policy?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    jueves, 31 de marzo de 2011 2:20
  • If you change the shell property MinDevicePasswordComplexCharacters, the console displays the same value in the minimum number of character sets box. So they are both the same setting. So I am wondering what is the intent of the setting? Is it the number of character sets? or the number of complex characters?

    jueves, 31 de marzo de 2011 3:34
  • Need to research further on it

    • Editado Alan.Gim lunes, 04 de abril de 2011 7:25
    viernes, 01 de abril de 2011 2:58
  • Ok so the wording the Exchange 2010 shell is slightly misleading, and Apple have implemented a client that interprets MinDevicePasswordComplexCharacters as the number of special characters rather than the number of character sets required.

    viernes, 01 de abril de 2011 3:23
  • The MinDevicePasswordComplexCharacters is have only a value range 1 to 4 representing the 4 type of character set required.  Not number of special characters.

    MinDevicePasswordComplexCharacters
    http://msdn.microsoft.com/en-us/library/ee201726(v=exchg.80).aspx

    Valid values for MinDevicePasswordComplexCharacters are 1 to 4. The value specifies the number of character groups that are required to be present in the password. The character groups are defined as:

    • Lower case alphabetical characters

    • Upper case alphabetical characters

    • Numbers

    • Non-alphanumeric characters

    For example, if the value of MinDevicePasswordComplexCharacters is 2, a password with both upper case and lower case alphabetical characters would be sufficient, as would a password with lower case alphabetical characters and numbers.

    • Propuesto como respuesta John Mak - MSFT martes, 12 de abril de 2011 0:11
    martes, 12 de abril de 2011 0:11
  • I'm joining this thread late, even though there has been no activity for almost a year, because I am having the issue described by the original poster and cannot find a solution.  To reiterate, iOS is interpreting the MinDeviceComplexCharacters as the number of special characters required in a password.  If I set that number to 4 then I am forced to set my device alpha-numeric passcode to also have a minimum of 4 special characters.  Has anyone figured out a way to get iOS devices to require just alpha-numeric passwords?
    jueves, 15 de marzo de 2012 17:55