🎯 Purpose
✅ Enforce automatic device locking after inactivity, meeting Essential Eight – User Access Hardening (Maturity Level 1) requirements.
➡️ This policy ensures Windows devices lock when unattended, preventing unauthorised access.
👥 Who is affected
✅ Devices: All Windows 10 / 11 devices
🚫 Exclusions: None
➡️ Every managed Windows device must automatically lock after inactivity. No exceptions.
☁️ What access is protected
✅ Access type: Local device access
✅ Sessions: Active user sessions on Windows devices
➡️ Unattended devices cannot be accessed without re‑authentication.
🔐 How idle lock is enforced
✅ Device lock enforced at the OS level
✅ Automatic lock triggered after 5 minutes of inactivity
✅ User cannot bypass or extend the timeout
➡️ Walk‑up access and unattended session abuse are prevented.
ℹ️ Note: A 5‑minute timeout provides strong protection while keeping user disruption low, making it suitable for IBP.
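The following PowerShell audit script is an added example and is not part of this policy page or its deployment tooling. It checks whether a Windows 10 / 11 device actually enforces the 5‑minute OS‑level idle lock described above. It assumes the lock is applied through the built‑in "Interactive logon: Machine inactivity limit" security setting, which Windows stores as the DWORD value InactivityTimeoutSecs (in seconds) under the Policies\System registry key; the 300‑second threshold comes from the policy text. Run it in an elevated PowerShell session on the device being audited.

```powershell
# Added example (not the policy's own code): audit the effective idle-lock
# timeout on a Windows 10/11 device and report whether it meets the 5-minute
# requirement stated in the policy.
#
# Assumption: the policy is delivered as the "Interactive logon: Machine
# inactivity limit" setting, stored as the DWORD InactivityTimeoutSecs
# (seconds) under the Policies\System key below. A missing value or 0 means
# no machine-wide inactivity limit is enforced.

$RequiredSeconds = 300   # 5 minutes, as stated in the policy
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'InactivityTimeoutSecs'

function Get-IdleLockTimeoutSeconds {
    # Returns the configured timeout in seconds, or $null when the value is absent.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-IdleLockCompliance {
    param([int]$Required = $RequiredSeconds)

    $configured = Get-IdleLockTimeoutSeconds
    $result = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ConfiguredSecs = $configured
        RequiredSecs   = $Required
        Compliant      = $false
        Finding        = ''
    }

    if ($null -eq $configured) {
        $result.Finding = "$ValueName is not set: no OS-level idle lock is enforced"
    }
    elseif ($configured -eq 0) {
        $result.Finding = 'Value is 0, which disables the inactivity limit'
    }
    elseif ($configured -gt $Required) {
        $result.Finding = "Timeout of $configured s exceeds the required $Required s"
    }
    else {
        $result.Compliant = $true
        $result.Finding = "Device locks after $configured s of inactivity"
    }
    return $result
}

# Usage: print the finding for this device; exit code 1 when non-compliant so
# the script can be used as a detection rule in a fleet-wide check.
$report = Test-IdleLockCompliance
$report | Format-List
if (-not $report.Compliant) { exit 1 }
```

The script treats a value larger than 300 seconds as a finding, because a longer timeout weakens the control even though it still locks eventually; a value of 0 or a missing value is reported as the more serious case, since neither enforces any lock. If your device management tooling writes the setting to a different location, adjust $PolicyKey and $ValueName accordingly.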
⚙️ What this policy does NOT enforce
🚫 Password complexity requirements
🚫 Multi‑factor authentication
🚫 Device compliance checks
🚫 Screen saver or power management settings
➡️ These controls are intentionally handled by separate IBP and M2/M3 policies.
🟢 Policy status
✅ Enabled
✅ Assigned to all devices
✅ Actively enforcing idle device lock
📘 Essential Eight Alignment
✅ Meets Essential Eight – User Access Hardening (Maturity Level 1)
✅ Reduces risk of unauthorised access to unattended devices
ℹ️ Shorter lock timers and additional session controls are addressed in Maturity Levels 2 and 3.
📘 Practical Interpretation (Executive‑Friendly)
This Idle Lock policy ensures that:
✅ Every Windows device
✅ Automatically locks when left unattended
✅ Preventing walk‑up access and shoulder‑surfing
✅ Without impacting normal productivity
This establishes a high‑value, low‑impact access control baseline required by Essential Eight Maturity Level 1 and provides a clear foundation for stronger session security in higher maturity levels.