Passcode

The Passcode settings enforce the use of a secure passcode to unlock an Android device.

The following table describes the passcode settings that you can configure on a device:

Policy setting	Description	Support Matrix
Configure Passcode Policy: This policy enforces device passcodes on Profile Owner (PO) and Device Owner (DO) modes for Android Enterprise 5.0+. An administrator can only reset the passcode in Device Owner (DO) mode.
Minimum passcode quality	The type of passcode that users can create. Users can create a matching or a strong passcode. Options: Any Numeric Alphabetic Complex Numeric Complex Weak Biometric (allows for low-security biometric recognition) Note: Google deprecated Minimum Passcode Quality and Minimum Passcode Length for setting passcode on Profile Owner (PO) devices. MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android app version 7.90+ on Android devices running OS version 12 and later. You must use Minimum Passcode Complexity to set device and work profile passcode restrictions for Profile Owner devices.	Android 5.0 - 11.0 (PO), Android 5.0+ (DO)
Minimum Passcode Complexity	The minimum password complexity requirement for the screen lock. The password is applied in the form of predefined complexity buckets (High, Medium, Low, and None). Users must create a matching or a stronger passcode, but they cannot set a password with a lower complexity level. Requirements: None: Passcode is not required. Low: Passcode must satisfy one of the following: PIN with repeating (4444) or ordered (1234, 4321, 2468) sequences Pattern Medium: Passcode must satisfy one of the following: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 4 Alphabetic, length at least 4 Alphanumeric, length at least 4 High: Passcode must satisfy one of the following: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8 Alphabetic, length at least 6 Alphanumeric, length at least 6 Note: If this policy setting is turned on, the deprecated passcode settings Minimum Passcode Qualityand Minimum Passcode Length are not supported. Use the Minimum Passcode Quality setting to enable passcode restrictions for Android 5.0 - 11.0 devices.	Android 12+ PO and DO For Profile Owner (PO) devices, requires MaaS360 for Android app version 7.50 or later. For Device Owner (DO) devices, requires MaaS360 for Android app version 7.70 or later.
Minimum Passcode Length (4 - 16 characters)	The minimum number of characters that are needed for a passcode. The range is 4 - 16 characters. Note: Google deprecated Minimum Passcode Quality and Minimum Passcode Length for setting passcode on Profile Owner (PO) devices. MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android app version 7.90+ on Android devices running OS version 12 and later. You must use Minimum Passcode Complexity to set device and work profile passcode restrictions for Profile Owner devices.
Delay for passcode prompt after lock screen	The amount of time that passes before a passcode prompt appears on the screen of a locked Android device. Options: Immediate (default) 15 seconds 30 seconds 1 minute 2 minutes 3 minutes 4 minutes 5 minutes 10 minutes
Maximum passcode age (in days)	The number of days that can pass before a passcode must be changed. The range is 1 - 999 days. If you leave this field blank or enter a zero in the field, the passcode never expires.
Allowed idle time (in minutes) before auto-lock	The amount of time the device remains inactive before the device is locked automatically. Options: 15 seconds 30 seconds 1 minute 2 minutes 3 minutes 4 minutes 5 minutes 10 minutes 15 minutes 30 minutes
Allowed idle time (in hours) for stronger authentication	The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours.
Number of failed passcode attempts before all data is erased (factory reset)	The number of password attempts that are allowed before the device is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device.
Passcode History	The number of times a unique passcode is used before a older passcode can be used again. The range is 0 - 99 times. If you leave this field blank or enter a zero in the field, you can reuse a passcode that you previously used on the device.
Configure Work Profile Security Challenge: The passcode for the Work Profile. (Android 7.0+ PO only). The passcode prompt is displayed when a user opens the Work Profile feature or app. If a device uses a device-level passcode (either optional or enforced) and that passcode matches the Work Profile passcode, then the user can enter the passcode once to unlock both the device and the Work Profile.
Allowed idle time (in hours) for stronger authentication	The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours.
Minimum Passcode Quality	The type of passcode that users create. Users can create a matching or a strong passcode. For example, if Pattern is selected, users can create a passcode that uses numbers in a complex pattern. Note: Google deprecated Minimum Passcode Qualityand Minimum Passcode Length for setting device-wide passcode on Profile Owner (PO) devices. MaaS360 no longer supports Minimum Passcode Quality when devices upgrade to MaaS360 for Android app version 7.90+. You must use Minimum Passcode Complexity to set passcode restrictions for Profile Owner devices.
Minimum Passcode Complexity	The minimum password complexity requirement for the screen lock. The password is applied in the form of predefined complexity buckets (High, Medium, Low, and None). Users must create a matching or a stronger passcode, but they cannot set a password with a lower complexity level. Requirements: None: Passcode is not required. Low: Passcode must satisfy one of the following: PIN with repeating (4444) or ordered (1234, 4321, 2468) sequences Pattern Medium: Passcode must satisfy one of the following: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 4 Alphabetic, length at least 4 Alphanumeric, length at least 4 High: Passcode must satisfy one of the following: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8 Alphabetic, length at least 6 Alphanumeric, length at least 6 Note: If this policy setting is turned on, the deprecated passcode settings Minimum Passcode Qualityand Minimum Passcode Length are not supported. Use the Minimum Passcode Quality setting to enable passcode restrictions for Android 5.0 - 11.0 devices.	Requires MaaS360 for Android app version 7.50 or later. Android 12+ Profile Owner devices.
Allowed idle time (in minutes) before auto-lock	The amount of time the device remains inactive before the device is locked automatically. Options: 15 seconds 30 seconds 1 minute 2 minutes 3 minutes 4 minutes 5 minutes 10 minutes 15 minutes 30 minutes
Number of failed passcode attempts before all data is erased (factory reset)	The number of password attempts that are allowed before the device is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device.
Minimum Passcode Length (4 - 16 characters)	The minimum number of characters that are needed for a passcode. The range is 4 - 16 characters. Note: Google deprecated Minimum Passcode Quality and Minimum Passcode Length for setting passcode on Profile Owner (PO) devices. MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android app version 7.90+ on Android devices running OS version 12 and later. You must use Minimum Passcode Complexity to set device and work profile passcode restrictions for Profile Owner devices.
Maximum passcode age (in days)	The number of days that can pass before a passcode must be changed. The range is 1 - 999 days. If you leave this field blank or enter a zero in the field, the passcode never expires.
Passcode History	The number of times a unique passcode is used before a older passcode can be used again. The range is 0 - 99 times. If you leave this field blank or enter a zero in the field, you can reuse a passcode that you previously used on the device.