pdf icon
Category Filter
x

Passcode

You can define the parameters for creating a passcode and configure the passcode settings here.

The MDM password expires after the Maximum passcode age set by the administrator. After expiry, the user is enforced to change the password. The user should unlock the device using the expired password in order to change it, while other device functionalities are restricted. During the final few days until expiry, the user will be reminded to change the password.

Only devices running Android 5.0 or above can be provisioned as Profile Owner or Device Owner.

FEATURE DESCRIPTION SAMSUNG NON-SAMSUNG
LEGACY PROFILE OWNER DEVICE OWNER
Apply Passcode to
(Applicable for devices running 7.0 or later versions)
Specify if you want the passcode to be applied to the whole device or only to the work profile container (created as the device is provisioned as Profile Owner) or both. When applied to a work profile container, the passcode is applied to the managed apps distributed via MDM and installed on the container.
Configure Passcode requirements: You can select the conditions that need to be met when the users configure a passcode on devices.
Default passcode: You can enter the common passcode that must be enforced on the devices. The user cannot modify the passcode set.
Password removal: In the case of digital signage, organizations must set up the device without a passcode. Using this option, any existing passcode on the device can be removed and users can be prevented from manually configuring a passcode on these devices. Not applicable for devices running Android 11.0 or above
Note: Password set by the user can not be removed from Samsung devices running Android 9.0 or above, enrolled via invite method
Minimum passcode requirement (Applicable when Passcode Requirements is selected) You can define the minimum passcode type required or allowed to create a passcode. The increasing order of security in the passcode type is Simple value-> Numbers-> Alphabet-> Alphanumeric-> Complex Value. On choosing a minimum required passcode type for example, as 'Numbers', then the passcode that is set on the device can contain numbers, alphabets, alphanumeric characters or complex values.
'Simple Value (Pattern)' enables you to set patterns, pin or passwords for the device. Not applicable for devices running Android 11.0 or above
On choosing 'Numbers', you can set either a pin or password for the device. The password can contain numbers, alphabets, alphanumeric or complex values.
'Alphabet' allows you to set only passwords for the device. The password can contain alphabets, alphanumeric or complex values.
'Alphanumeric' passcode allows you to set a password that contains both numbers and alphabets. Special characters can also be included.
'Complex Value' type of passcode enables you to set a password that contains alphabets, numbers and at least one special character.
Minimum passcode length
(Cannot be configured only if Minimum passcode requirement is pattern or numbers)
You can define a minimum length for the passcode here.
Maximum number of failed attempts (Applicable when Passcode Requirements is selected) Maximum number of failed attempts allowed can be specified. When the number of attempts exceeds, the device will be reset, completely wiping all the data in the device.
Maximum idle time allowed before auto-lock (Applicable when Passcode Requirements is selected) Maximum allowed idle time before the device auto-locks itself. The user can select a value less than the one specified by the admin. For example: If the admin selects 2 mins, the user can set the idle time less than 2 mins.
Number of passcodes to be maintained in the history (Supported from Android 4.0 and applicable when Passcode Requirements is selected) Total number of previous passcodes to be maintained, so that it cannot be reused.
Maximum passcode age (Supported from Android 4.0 and applicable when Passcode Requirements is selected) User will be notified to reset the Passcode based on the days specified here
Force passcode policy after (Applicable when Passcode Requirements is selected) Specify the time after which the device user needs to set a passcode on the device complying with the passcode policy configured in MDM. In Samsung devices, users are prompted immediately to set a passcode irrespective of the time set here in the case there is no passcode set on the device. If a passcode is set but doesn't comply with the policy, then the user is prompted based on the policy settings. Applicable for devices running 7.0 or later versions Applicable for devices running 6.0 or later versions
Smart Lock (Applicable when Passcode Requirements is selected) Allow or restrict users from setting up Smart Lock on their devices, with which they can bypass the password prompt on the lock screen by configuring trust agents such as On-Body detection, Trusted places/devices/voice. Applicable for devices running 5.0 or later versions
Temporary Passcode (Applicable when Passcode Requirements is selected) A temporary passcode can be set on the device to protect the device from unauthorized access when a new corporate device is handed to the users. Admins can configure a passcode that will be set on the device until the device is unlocked. Once the device is unlocked, the user will be prompted to set a new passcode on the device based on the requirements configured. If a passcode already exists on the device, the temporary passcode will not be applied.
Unlock device using fingerprint (Samsung-only feature - Supported from Android 5.0) If this is allowed on a device, the user will be able to use fingerprint to unlock the device.
The backup password set during fingerprint registration on a device should be a simple value, number, alphabet, alphanumeric or complex according to what you choose as the Minimum Passcode Requirement.
Maximum repetition of characters
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Samsung-only feature - Supported from 4.0)
Specify how many times, can a number or an alphabet be repeated in the password (Example: If you say 2 times, you cannot use the same alphabet or number more than twice in the password).
Maximum numeric Sequence
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Samsung-only feature - Supported from 4.0)
Specify how many sequential numbers can be used in the password (Example: If you say 3, you can use up to 3 sequential numbers like 123, 456, etc..).
Minimum uppercase length
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of upper case letters required to create a passcode
Minimum lowercase letter length
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of lower case letters required to create a passcode
Minimum letter length
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of letters required to create a passcode
Minimum non-alphabetic characters
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of Non-Alphabetic Characters
required to create a passcode
Minimum numeric length
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of numeric values required to create a passcode
Minimum symbol length
(Can be configured only if Minimum passcode requirement is 'Complex Value') (Supported from Android 4.0)
You can define the minimum number of symbols required to create a passcode
BIOMETRIC PASSCODES
Use Fingerprint as passcode Allow/Restrict usage of fingerprints as device passcode
Use iris scanning as passcode Allow/Restrict usage of iris scanning as device passcode
Use face scanning as passcode Allow/Restrict usage of face scanning as device passcode
  • After distributing this policy, the passcode must be set by the user on the device. Only after this will the device details view under Inventory be updated.
  • If the user doesn't configure the passcode before the duration specified in Profile Settings, then all the apps except ME MDM app, Launcher and Settings get disabled as explained here.
  • If the device already has a passcode set on the device and it complies with the passcode policy configured in MDM, the device user will not be prompted to create a new passcode, in accordance with the MDM passcode policy.
  • If the passcode policy isn't applied on the device, verify other policies are controlling the passcode configuration. For example, you may have configured a passcode policy using Exchange. Further, verify if there any other device administrators on the device, which might be controlling the passcode policy. You can view the list of device administrators by navigating to Settings -> Security -> Other Security Settings -> Device Administrators.
  • In the case of Samsung, if the device does not factory reset automatically when the user has exceeded the maximum number of passcode attempts, it might be due to:
    • a factory reset restriction applied on the device from MDM. Navigate to Device Mgmt->Profiles->Android->Restrictions->Security on the MDM server and ensure that Restore Factory Settings is set to Allow.
    • an API which restricts device factory reset. Although, MDM initiates a factory reset, it fails as the API restriction set by a device administrator, cannot be overridden by another device administrator (MDM).

 

Jump To

    Related Articles