Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
You can configure the number of logon failures allowed before Outlook Voice Access users are locked out of their mailbox in Microsoft Exchange Server 2010. The number of logon failures allowed before a mailbox is locked out is configured on a Unified Messaging (UM) mailbox policy and applies to all UM-enabled users associated with the UM mailbox policy.
To increase security, decrease the maximum number of failed attempts. However, remember that if you decrease it to a number much lower than the default, users may be locked out unnecessarily. Unified Messaging will generate warning events you can view using Event Viewer if PIN authentication fails for UM-enabled users or if users are unsuccessful when they try to log on to the system.
Looking for other management tasks related to UM mailbox policies? Check out Managing UM Mailbox Policies.
Prerequisites
- A UM dial plan has been created. For detailed steps, see
Create a UM Dial
Plan.
- A UM mailbox policy has been created. For detailed steps, see
Create a UM
Mailbox Policy.
Use the EMC to configure the number of logon failures before a mailbox is locked out
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
- In the console tree, navigate to Organization
Configuration > Unified Messaging.
- In the work pane, click the UM Mailbox Policies tab,
select the UM mailbox policy you want to manage, and then, in the
action pane, click Properties.
- On the UM mailbox policy Properties page, click the
PIN Policies tab.
- On the PIN Policies tab, under Failed Logons,
next to Number of incorrect PIN entries before UM mailbox is
locked out, enter a value between 1 and 998.
- Click OK to save your changes.
Use the Shell to configure the number of logon failures before a mailbox is locked out
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
This example sets the maximum number logon attempts to
10 for UM-enabled users who are associated with a UM mailbox policy
named MyUMMailboxPolicy
.
Copy Code | |
---|---|
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -MaxLogonAttempts 10 |
This example sets the number of logon failures before
the user's PIN is reset to 3, the maximum number logon attempts to
5 and a minimum PIN length to 9 for UM-enabled users who are
associated with a UM mailbox policy named
MyUMMailboxPolicy
.
Copy Code | |
---|---|
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -LogonFailuresBeforePINReset 3 -MaxLogonAttempts 5 -MinPINLength 9 |
For more information about syntax and parameters, see Set-UMMailboxPolicy.
Other Tasks
After you configure the number of logon failures before a mailbox is locked out, you may also want to: