Passcode
The Passcode settings enforce the use of a secure passcode to unlock an Android device.
The following table describes the passcode settings that you can configure on a device.
Policy setting | Description | Support Matrix |
---|---|---|
Configure Device Passcode Policy: This policy enforces device passcodes on Profile Owner (PO) and Device Owner (DO) modes for Android Enterprise 5.0+. An administrator can reset the passcode in Device Owner (DO) mode only. | Android 5.0+ (PO) and (DO) | |
Configure Device Passcode | IT administrators can set a passcode to all the enrolled devices. When a device gets enrolled to IBM MaaS360, the device is automatically set with the admin-configured Passcode. This policy is supported from Android 8.90+. | Android 5.0+ (DO) |
Set Passcode | Note: Enable the Configure Device Passcode checkbox to view this
setting.
Set a passcode for the device. This policy is supported from Android 8.90+. |
Android 5.0+ (DO) |
Delay for passcode prompt after lock screen | The amount of time that passes before a passcode prompt appears on the screen of a
locked Android device. The values are as follows.
|
DO With KNOX (SAFE 2.0+) |
Allowed idle time (in minutes) before auto-lock | The amount of time the device remains inactive before the device is locked
automatically. The values are as follows.
|
Android 5.0+ (PO & DO) |
Allowed idle time (in hours) for stronger authentication | The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours. | Android 8.0+ (PO & DO) |
Number of failed passcode attempts before all data is erased (factory reset) | The number of password attempts that are allowed before the device
is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device. |
Android 5.0+ (PO & DO) |
Configure Work Profile Passcode Policy: The passcode for the Work Profile. (Android 7.0+ PO only). The passcode prompt is displayed when a user opens the Work Profile feature or app. If a device uses a device-level passcode (either optional or enforced) and that passcode matches the Work Profile passcode, then the user can enter the passcode once to unlock both the device and the Work Profile. | Android 7.0+ (PO) | |
Minimum Passcode Complexity | Specify the minimum complexity requirement of a password for the screen lock. The password is
applied in the form of predefined complexity buckets (High, Medium, Low, and None). Users must
create a matching or a stronger passcode, but they cannot set a password with a lesser complexity
level. Requirements:
Notes:
|
|
Minimum Passcode Quality | The type of passcode that users can create. Users can create a matching or a strong passcode.
The values are as follows.
Note: Google deprecated Minimum Passcode Quality and Minimum
Passcode Length for setting passcode on Profile Owner (PO) devices. MaaS360 no longer
supports these deprecated policies when users upgrade to the MaaS360 for Android app version 7.90+
on Android devices with version 12 and later. Use Minimum Passcode Complexity
to set device and work profile passcode restrictions for Profile Owner devices.
|
Android 7.0+ (PO), Android 5.0+ (DO) |
Minimum Passcode Length (4 - 16 characters) | The minimum number of characters that are needed for a passcode. The range is 4
- 16 characters. Note: Google deprecated Minimum Passcode Quality and
Minimum Passcode Length for setting passcode on Profile Owner (PO) devices.
MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android
app version 7.90+ on Android devices running OS version 12 and later. Use Minimum
Passcode Complexity to set device and work profile passcode restrictions for Profile
Owner devices.
|
Android 7.0+ (PO) |
Maximum passcode age (in days) | The number of days that can pass before a passcode must be changed. The range is 1 - 999
days. If you leave this field blank or enter a zero in the field, the passcode never expires. |
Android 7.0+ (PO) |
Passcode History | The number of times a unique passcode is used before an older passcode can
be used again. The range is 0 - 99 times. If you leave this field blank or enter a zero in the field, you can reuse a passcode that you previously used on the device. |
Android 7.0+ (PO) |
Allowed idle time (in minutes) before auto-lock | The amount of time the device remains inactive before the device is locked
automatically. The values are as follows.
|
Android 7.0+ (PO) |
Allowed idle time (in hours) for stronger authentication | The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours. | Android 8.0+ (PO) |
Number of failed passcode attempts before all data is erased (factory reset) | The number of password attempts that are allowed before the device
is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device. |
Android 7.0+ (PO) |
Disallow Unified Password | This policy setting specifies that the managed profile is not allowed to have a unified lock screen challenge with the primary user. Setting this restriction alone does not automatically set a separate challenge for the Work Profile. | Android 9.0+ (PO) |