How to edit the password policy for an organization in the Control Panel


This article explains how to edit the password policy for an organization in the Control Panel.


You must have a Sherweb hosted Exchange, Lync or SharePoint account.

How to

Use this guide to learn how to edit the following settings in your organization’s password policy:


  • complexity requirement (on/off)
  • number of remembered passwords
  • minimum length
  • minimum time of conservation
  • lockout threshold
  • lockout duration
  • lockout observation window


If you need to set an expiry (maximum time of conservation), please contact our support team and we will be happy to assist.


1. Log into the Control Panel.


2. In your organization, under the Tasks in the organization Settings section, click on the Edit Password Policy link.



3. In this page, you have the default password policy settings. All options are greyed out by default.



4. To modify the policy, check the Use custom password policy? box. You are now able to edit the settings.


Password must meet complexity requirements?: Whether to require users to enter a complex password (uppercase, lowercase, numbers and punctuations).
If not checked then users can set simple passwords.

 Number of remembered passwords
: Users will not be able to re-use any remembered passwords.
Set this to the number of passwords to be kept in history.

 Minimum length
: The least number of characters that can make up a password.

 Minimum time of conservation
: The minimum time a user has to keep the same password before it can be changed. (Format: d.hh:mm:ss)

Lockout threshold: The number of times a password can be tried before being locked out. 0 means there is no limit.

 Lockout duration
: The amount of time the account will remain locked. For example, if this is set to 120 minutes, the account will become unlocked again after 2 hours have elapsed.
If this setting is not specified, the account will never automatically unlock, and will need to be manually unlocked. (Format: d.hh:mm:ss)

 Lockout observation window
: The length of time within which the user must reach the lockout threshold for the account to become locked. For example, if this is set to 10 minutes and the Account Lockout Threshold is 5, the user must have 4 more failed login attempts within 10 minutes of their first failed login for their account to become locked.
If this setting is not specified, the account will become locked once that user’s number of failed login attempts equals the Account Lockout Threshold, regardless of how much time has elapsed. (Format: d.hh:mm:ss)


 5. Click on Save to save your modifications.


If you need further assistance, please do not hesitate to contact us.

Applicable to

All Sherweb hosted Exchange, SharePoint and Lync accounts