CIS Microsoft Exchange Server 2013 CAS V1.1.0 (Security Hardening)

Set ‘Enforce Password History’ to ‘4’ or greater

Details

Retaining the password history ensures that old passwords will not be reused within a reasonable timeframe.

Rationale:

The longer a user uses the same password, the greater the chance that an attacker can determine the password through a brute force attack. Also, any accounts that may have been compromised will remain exploitable for as long as the password is left unchanged. If password changes are required but password reuse is not prevented, or if users continually reuse a small number of passwords, the effectiveness of a good password policy is greatly reduced. If you specify a low number for this setting, users will be able to use the same small number of passwords repeatedly.

Solution

To implement the recommended state, execute the following PowerShell cmdlet in the Exchange Management Shell, substituting the name of the mobile device mailbox policy to update for <PolicyName> (the -Identity parameter is required; repeat for each policy in the organization):

Set-MobileDeviceMailboxPolicy -Identity "<PolicyName>" -PasswordHistory 4
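The page gives only the remediation cmdlet; the following added helper (not part of the CIS benchmark or Exchange itself) audits every mobile device mailbox policy against the recommended minimum, reports whether a device password is required at all (PasswordHistory has no effect otherwise), and optionally raises non-compliant policies. The function name and the -Minimum/-Remediate parameters are assumptions of this example; the Get-/Set-MobileDeviceMailboxPolicy cmdlets and the PasswordHistory and DevicePasswordEnabled properties are standard Exchange 2013 ones.

```powershell
# Audit (and optionally remediate) the CIS "Enforce Password History >= 4" control.
# Run in the Exchange Management Shell with rights to read and modify mailbox policies.
function Test-PasswordHistoryControl {
    [CmdletBinding(SupportsShouldProcess)]   # enables -WhatIf / -Confirm on remediation
    param(
        [int]$Minimum = 4,       # CIS recommended value for PasswordHistory
        [switch]$Remediate       # when set, raise non-compliant policies to $Minimum
    )

    foreach ($policy in Get-MobileDeviceMailboxPolicy) {
        $compliant = $policy.PasswordHistory -ge $Minimum

        if (-not $compliant -and $Remediate -and
            $PSCmdlet.ShouldProcess($policy.Name, "Set PasswordHistory to $Minimum")) {
            Set-MobileDeviceMailboxPolicy -Identity $policy.Identity -PasswordHistory $Minimum
            # Re-read the policy so the report reflects the post-change state
            $policy    = Get-MobileDeviceMailboxPolicy -Identity $policy.Identity
            $compliant = $policy.PasswordHistory -ge $Minimum
        }

        # One row per policy; DevicePasswordEnabled = $false means the history
        # setting is not enforced on devices even if PasswordHistory looks compliant.
        [pscustomobject]@{
            Policy                = $policy.Name
            DevicePasswordEnabled = $policy.DevicePasswordEnabled
            PasswordHistory       = $policy.PasswordHistory
            Compliant             = $compliant
        }
    }
}

# Report only:
Test-PasswordHistoryControl | Format-Table -AutoSize

# Preview the changes remediation would make, then run without -WhatIf to apply:
Test-PasswordHistoryControl -Remediate -WhatIf
```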

Supportive Information


This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Windows.

Updated on July 16, 2022