Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can configure the number of logon failures allowed before Outlook Voice Access users are locked out of their mailbox in Microsoft Exchange Server 2010. The number of logon failures allowed before a mailbox is locked out is configured on a Unified Messaging (UM) mailbox policy and applies to all UM-enabled users associated with the UM mailbox policy.

To increase security, decrease the maximum number of failed attempts. However, remember that if you decrease it to a number much lower than the default, users may be locked out unnecessarily. Unified Messaging will generate warning events you can view using Event Viewer if PIN authentication fails for UM-enabled users or if users are unsuccessful when they try to log on to the system.

Looking for other management tasks related to UM mailbox policies? Check out Managing UM Mailbox Policies.

Prerequisites

Use the EMC to configure the number of logon failures before a mailbox is locked out

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.

  1. In the console tree, navigate to Organization Configuration > Unified Messaging.

  2. In the work pane, click the UM Mailbox Policies tab, select the UM mailbox policy you want to manage, and then, in the action pane, click Properties.

  3. On the UM mailbox policy Properties page, click the PIN Policies tab.

  4. On the PIN Policies tab, under Failed Logons, next to Number of incorrect PIN entries before UM mailbox is locked out, enter a value between 1 and 998.

  5. Click OK to save your changes.

Use the Shell to configure the number of logon failures before a mailbox is locked out

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.

This example sets the maximum number logon attempts to 10 for UM-enabled users who are associated with a UM mailbox policy named MyUMMailboxPolicy.

Copy Code
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -MaxLogonAttempts 10

This example sets the number of logon failures before the user's PIN is reset to 3, the maximum number logon attempts to 5 and a minimum PIN length to 9 for UM-enabled users who are associated with a UM mailbox policy named MyUMMailboxPolicy.

Copy Code
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -LogonFailuresBeforePINReset 3
-MaxLogonAttempts 5 -MinPINLength 9

For more information about syntax and parameters, see Set-UMMailboxPolicy.

Other Tasks