Remote password and session locking

Configure a remote password and session locking policy for your Windows and macOS devices. Use this policy to create rules that protect endpoint user accounts from unauthorized access.

This policy enables you to configure:

  • Password : Define requirements for user passwords within the operating system. Strengthen security by enforcing:
    • Password complexity
    • Limited lifespan
    • Restrictions on password reuse
  • Screen lock-out : Automatically lock the user’s device after a specified number of failed login or unlock attempts. Admin users with sufficient permissions can configure the policy to set the maximum number of attempts and the lock-out duration, preventing unauthorized access and protecting accounts from brute force attacks.
Important

Coro does not trigger Endpoint Security tickets for this policy type as it directly enforces functionality on affected devices.

Configuring password and session locking policies

To configure a new password and session locking policy:

  1. From the Device Posture tab, select + ADD :

    Add new device posture policy

  2. Select the device operating system to which the new policy will be added ( Add to macOS or Add to Windows ).

    Coro displays the Add new device policy dialog.

  3. Select Remote Password & Session Locking from the Select policy type dropdown:

    Password and session locking policy attributes

  4. Configure the following Password attributes:
    • Minimum length : The minimum password length (up to 14 characters).
    • Minimum age (days) : Specifies the minimum number of days a user must keep their password before they are allowed to change it (up to 365 days).
    • Maximum age (days) : Specifies the maximum number of days a user must keep their password before they are allowed to change it (up to 365 days).
    • Enforce password history : Specifies the number of unique passwords a user must use before they can reuse a previous password (up to eight previous passwords).
    • Password must meet complexity : When enabled, the following password complexity requirements are enforced:

      The password must contain characters from three of the following categories:

      • Uppercase letters (A-Z)
      • Lowercase letters (a-z)
      • Numbers (0-9)
      • Special characters (!, @, #, $, %, etc)
  5. Configure the following Screen lockout attributes:
    • Lockout duration : Specify how long the screen remains locked after activation (up to three hours).
    • Lockout threshold (attempts) : Set the number of failed login attempts allowed before triggering a lockout (up to 10 attempts).

    Password and session locking policy Screen lockout attributes

    note

    You must set both parameters to configure a screen lock.

  6. Enter label names (predefined or custom) to the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices:

    Apply the device posture policy to groups of devices

  7. Select SAVE to save your new policy with the configured settings.

    Coro creates the policy with the configured settings.

To view the policy, select the dropdown arrow indicator next to Remote Password & Session Locking on the Device Posture tab. See Device posture.

Coro displays the following policy details:

  • Device labels applicable to the policy:

    View assword and session locking policy policy

Policy enforcement

Coro applies a Screen lockout policy immediately.

Coro applies a Password policy when:

  • The user logs off the device.
  • The device restarts.
  • The device enters screen lock.
note

All policy enforcement information is presented through your operating system's user interface.