[Index]
Title | Description | Details | |||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
MaximumLogonAttempts | Indicates the number of sequential logon failures that are allowed before a user's PIN is automatically locked. Logon failures are counted in two different ways: local logon failures and global logon failures. When a user first tries to logon, a new 30 minute observation window starts; each failed logon during that 30 minute window is recorded as both a local logon failure and a global logon failure. If the user reaches the MaximumLogonAttempts during that 30 minute observation window then he or she will temporarily be locked out of the system for one hour; during this time they will not be able to logon using PIN authentication even if they supply the correct PIN. After the lockout period has expired, the user's local logon attempts will be reset to 0. However, the user's global logon attempts will not be reset. If the user continually fails to logon, he or she will eventually reach the maximum number of allowed global logon attempts. Any user who reaches that point will have their PIN locked by the system, and will not be able to use PIN authentication until an administrator has unlocked the PIN. The maximum number of allowed logon attempts also varies with PIN size; this is why the MaximumLogonAttempts property does not show a default value when you run Get-CsPinPolicy. By default, a PIN length of 4 allows users 10 local logon attempts and 100 global logon attempts. A PIN length of 5 allows 25 local and 1000 global logon attempts, and PIN lengths greater than 6 allow 25 local tries and 5000 global tries. If you specify a value for the MaximumLogonAttempts property that value will be used for the maximum allowed number of local logon tries; however, global logon values do not change regardless of the value assigned to MaximumLogonAttempts. Each time a user successfully logs on using PIN authentication the local failed logon attempts is reset to 0. The global logon attempts are only reset when an administrator unlocks a user's PIN. MaximumLogonAttempts can be set to any whole number between 1 and 999, inclusive. However, it is recommended that you do not modify this property. When set to a null value (the default value) Skype for Business Server 2015 will automatically calculate lockout policies. This typically provides the most security. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
MinPasswordLength | The minimum allowed length (that is, the minimum number of digits) in a PIN. For example, if MinPasswordLength is set to 8 then a PIN of 1259 will be rejected because that PIN only has 4 digits. PIN lengths must have at least 4 digits but no more than 24 digits; the default value is 5. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Description | Enables administrators to provide explanatory text to accompany a PIN policy. For example, the Description might include information about the users the policy should be assigned to. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
PINLifetime | Indicates the length of time (in days) that a PIN remains valid; after the PIN lifetime expires users must select a new PIN number before they will be allowed to use PIN authentication to gain access to the system. PINLifetime can be set to any whole number between 0 and 999, inclusive; 0 indicates that PIN numbers never expire. By default, the PIN lifetime is set to 0 days. If you set the PINLifetime to a value greater than 0 then you must also set the PINHistoryCount to a value greater than 0. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
AllowCommonPatterns | Indicates whether or not "common patterns" are allowed in PINs. Common patterns include repeating digits (222222); four or more consecutive digits (123456); and PINs that match a user's phone number or extension number. If set to True common patterns (such as the PIN 456789, which includes consecutive digits) are allowed; if set to False common patterns are not allowed. The default value is False. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
PINHistoryCount | Indicates how often users are allowed to reuse the same PIN. For example, if the PINHistoryCount is set to 3, then the first three times a user resets his or her PIN they must use a new PIN; on the fourth reset, they can reuse their first PIN. (And, on the fifth reset, they can reuse their second PIN, and so on.) The PIN history count can be any whole number between 0 and 20, inclusive; 0 means that users can use the same PIN number over and over again. By default, PINHistoryCount is set to 0. If the PINLifetime is set to any value greater than 0 then the PINHistoryCount must also be greater than 0. For example, you cannot set PINLifetime to 30 and leave PINHistoryCount at 0. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
ScopeClass |
|
||||||||||||||||||||||||||||||||||||||||||||||||
Element |
|
||||||||||||||||||||||||||||||||||||||||||||||||
InMemory | Creates an object reference without actually committing the object as a permanent change. If you assign the output of this cmdlet called with this parameter to a variable, you can make changes to the properties of the object reference and then commit those changes by calling this cmdlet's matching Set-<cmdlet>. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Identity * | Indicates the unique Identity to be assigned to the policy. PIN policies can be created at the site or per-user scope. To create a policy at the site scope, use syntax similar to this: -Identity site:Redmond To create a policy at the per-user scope, use syntax similar to this: -Identity RedmondPinPolicy |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Anchor |
|
||||||||||||||||||||||||||||||||||||||||||||||||
Tenant | Globally unique identifier (GUID) of the Skype for Business Online tenant account for whom the new PIN policy is being created. For example: -Tenant "38aad667-af54-4397-aaa7-e94c79ec2308" You can return the tenant ID for each of your Skype for Business Online tenants by running this command: Get-CsTenant | Select-Object DisplayName, TenantID |
|