Set the Number of Sign-in Failures Before a Voice Mail User Is Locked Out

Applies to: Exchange Server 2013, Exchange Online

Topic Last Modified: 2013-02-22

You can configure the number of sign-in failures allowed before an Outlook Voice Access user is locked out of their mailbox. The number of sign-in failures allowed before a voice mail user is locked out is configured on a Unified Messaging (UM) mailbox policy, and applies to all UM-enabled users associated with the UM mailbox policy. By default it is set to 15.

To increase security, decrease the maximum number of failed attempts. However, remember that if you decrease it to a number much lower than the default, users may be locked out unnecessarily. Unified Messaging will generate warning events you can view using Event Viewer if PIN authentication fails for UM-enabled users or if users are unsuccessful when they try to sign in to the system. This setting must be larger than the setting for the number of sign-in failures before the PIN is reset.

For additional tasks related to Outlook Voice Access PIN security, see PIN Security Procedures.

What do you need to know before you begin?

Estimated time to complete: Less than 1 minute.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
Before you perform these procedures, confirm that a UM dial plan has been created. For detailed steps, see Create a UM Dial Plan.
Before you perform these procedures, confirm that a UM mailbox policy has been created. For detailed steps, see Create a UM Mailbox Policy.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.

Tip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

What do you want to do?

Use the EAC to configure the number of sign-in failures before a voice mail user is locked out

In the EAC, navigate to Unified Messaging > UM dial plans.
In the list view, select the UM dial plan you want to change, and then click Edit .
On the UM dial plan page, under UM Mailbox Policies, select the UM mailbox policy you want to change, and then click Edit .
Click PIN policies, and next to Number of sign-in failures before lockout, enter a value between 1 and 999.
Click Save.

Use the Shell to configure the number of sign-in failures before a voice mail user is locked out

This example sets the maximum number sign-in attempts to 10 for UM-enabled users who are associated with a UM mailbox policy named MyUMMailboxPolicy.

	Copy Code
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -MaxLogonAttempts 10

This example sets the number of sign-in failures before the Outlook Voice Access user's PIN is reset to 3, the maximum number of sign-in attempts to 5, and a minimum PIN length to 9 for UM-enabled users who are associated with a UM mailbox policy named MyUMMailboxPolicy.

	Copy Code
Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -LogonFailuresBeforePINReset 3 -MaxLogonAttempts 5 -MinPINLength 9