Remote Monitoring & Management Help

Security - Microsoft Windows Phone 8.1

Select the required option Passcode or Restrictions and click add_icon Configure to add and clip1166 Remove Configuration to delete the settings.




Allow simple value

Allow the use of repeating, ascending or descending character sequences such as 1111 or 1234

Passcode type

Type of passcode that must be used: Any, Alphanumeric Password, Numeric PIN Password

Minimum passcode length

Minimum number of characters required for the passcode (4->16)

Minimum number of complex types

Minimum number (1 - 4 ) of character types that must be used.

Maximum passcode age

Days (1 - 730) after which passcode must be changed. If not set, then the password will never expire.

Passcode history

The number (1 - 50) of unique passcodes required before reuse. If not set, the user can re-use any existing password.

Maximum grace period for device lock

Maximum device lock grace period user is allowed to set on device: Not specified, 1 Minute, 3 Minutes, 5 Minutes, 15 Minutes, 30 Minutes, 1 Hour. If not set, password will be required when unlocking device always.

Maximum failed attempts before wiping

Number of incorrect passcode attempts (3 - 999) before all data on the device will be erased. If not set, then the device will never be wiped.

Please be aware, if a device has multiple Passcode policies in place the strictest policy will be applied, regardless of whether this policy was set via the Dashboard





Allow WiFi

Allow internet sharing

Allow auto connect to WiFi Sense hotspots

Allow WiFi HotSpot reporting to Microsoft

Allow manual WiFi configuration

Allow connecting to WiFi networks outside of MDM server installed networks


Allow NFC

Allow Bluetooth

Allow data roaming

Allow VPN roaming over cellular

Allow the device to use VPN while roaming on cellular networks

Allow VPN over cellular

Allow the device to use VPN while using a mobile data connection

Allow USB connection


Allow SD card access

Enable or disable SD card usage

Allow telemetry

Allow the device to send telemetry information such as SQM (Software Quality Metrics) and Watson

Allow location

Allow location services


Allow copy and paste

Allow screen capture

Allow save as office file

Allow sharing of office file

Allow Cortana

Allow sync my settings


Allow Microsoft account connection

Allow Microsoft account to be used for non-email related connection authentication and services

Allow adding non Microsoft accounts

Allow the user to add non-Microsoft email accounts


Allow manual installation of root certificates

Allow user to install root and intermediate certificates

Enable BitLocker device encryption

Once internal storage encryption is enabled, the phone automatically begins encrypting the internal storage with AES 128. and it cannot be turned off via this policy

Please note, once encryption is enabled it cannot be reverted.

Application Management

Allow Store

Allow User to access App Store

Allow Developer unlock

Allow user to developer unlock device


Allow Browser


Allow Camera


Allow search to use location

Allow saving of images from Vision search

Lock Screen

Allow action center notifications on lock screen

Advanced Settings

Allow user to unenrol from MDM

Deselect to prevent users from unenrolling their device from the MDM service. Devices can still be unenrolled through the dashboard.

Allow user to reset phone

Prevent users from being able to reset the phone. A remote wipe can still be initiated from the dashboard or from Exchange