Skip to main content

Hello,

We would like the following flow for our password Configuration Profile:

  1. If a user enters the incorrect password 5 times in a row...
  2. The user will be locked for 10 minutes...
  3. After which they can try to login again or reset their password...
  4. WE DO NOT WANT TO REQUIRE A LOCAL ADMIN TO RESET THE ACCOUNT IF IT IS LOCKED OUT

I can see that there is a setting "Delay after Failed Login Attempts (Not compatible with macOS 10.11 or later)

Delay after maximum number of failed attempts, in minutes. Requires configuring Maximum Number of Failed Attempts." in the Passcode section of the Configuration Profile. 
 
Does that setting meet our requirements? 

Hey Peterr,

 

Those settings should meet the requirements of your parameters. Just note, in my experience within a minute a user will phone a helpdesk and ask for a recovery key lol. 

Even when the OS messages says on the screen you are locked out try again in 5 mins  : ) Also I think T1, T2 and Apple CPU have a version of this baked in the the hardware...

Terms & ConditionsCookie settingsAccessibility statement