![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 41%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH2%3C/text%3E%3C/svg%3E)
Hey Rob,
Actually, this is a common point of confusion with Entra ID (Azure AD) joined devices. The settings you found are actually for cloud-only password attacks, not for interactive logins on Windows devices.
For what you're trying to accomplish, you'll need to configure these lockout settings through Entra ID's security policies instead. Here's how to set it up:
Go to the Entra ID admin center
Navigate to Protection > Authentication methods > Password protection
In the "Custom banned passwords" section, you'll find the Lockout threshold setting - this is where you set it to 5 attempts
Below that, set the Lockout duration in seconds to your preferred time (900 seconds = 15 minutes)
These settings will then apply to all your Entra ID joined machines. The policy might take a little while to propagate across all devices.
Hope this clears things up! If this solves your problem, please mark it as accepted.