Passcode
The Passcode settings enforce the use of a secure passcode to unlock an Android device.
The following table describes the passcode settings that you can configure on a device:
Policy setting | Description | Support Matrix |
---|---|---|
Configure Passcode Policy: This policy enforces device passcodes on Profile Owner (PO) and Device Owner (DO) modes for Android Enterprise 5.0+. An administrator can only reset the passcode in Device Owner (DO) mode. | ||
Minimum passcode quality | The type of passcode that users can create. Users can create a matching or a strong passcode. Options:
Note: Google deprecated Minimum Passcode Quality and
Minimum Passcode Length for setting passcode on Profile Owner (PO) devices.
MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android
app version 7.90+ on Android devices running OS version 12 and later. You must use
Minimum Passcode Complexity to set device and work profile passcode
restrictions for Profile Owner devices.
|
Android 5.0 - 11.0 (PO), Android 5.0+ (DO) |
Minimum Passcode Complexity | The minimum password complexity requirement for the screen lock. The
password is applied in the form of predefined complexity buckets (High, Medium, Low, and None).
Users must create a matching or a stronger passcode, but they cannot set a password with a lower
complexity level. Requirements:
Note:
|
|
Minimum Passcode Length (4 - 16 characters) | The minimum number of characters that are needed for a passcode. The range is 4
- 16 characters. Note: Google deprecated Minimum Passcode Quality and
Minimum Passcode Length for setting passcode on Profile Owner (PO) devices.
MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android
app version 7.90+ on Android devices running OS version 12 and later. You must use
Minimum Passcode Complexity to set device and work profile passcode
restrictions for Profile Owner devices.
|
|
Delay for passcode prompt after lock screen | The amount of time that passes before a passcode prompt appears on the screen of a
locked Android device. Options:
|
|
Maximum passcode age (in days) | The number of days that can pass before a passcode must be changed. The range is 1 - 999
days. If you leave this field blank or enter a zero in the field, the passcode never expires. |
|
Allowed idle time (in minutes) before auto-lock | The amount of time the device remains inactive before the device is locked
automatically. Options:
|
|
Allowed idle time (in hours) for stronger authentication | The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours. | |
Number of failed passcode attempts before all data is erased (factory reset) | The number of password attempts that are allowed before the device
is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device. |
|
Passcode History | The number of times a unique passcode is used before a older passcode can
be used again. The range is 0 - 99 times. If you leave this field blank or enter a zero in the field, you can reuse a passcode that you previously used on the device. |
|
Configure Work Profile Security Challenge: The passcode for the Work Profile. (Android 7.0+ PO only). The passcode prompt is displayed when a user opens the Work Profile feature or app. If a device uses a device-level passcode (either optional or enforced) and that passcode matches the Work Profile passcode, then the user can enter the passcode once to unlock both the device and the Work Profile. | ||
Allowed idle time (in hours) for stronger authentication | The amount of time that a user can wait before stronger authentication is forced on the device. The range is 1 - 72 hours. | |
Minimum Passcode Quality | The type of passcode that users create. Users can create a matching or a
strong passcode. For example, if Pattern is selected, users can create a
passcode that uses numbers in a complex pattern.
Note: Google deprecated Minimum Passcode
Qualityand Minimum Passcode Length for setting device-wide
passcode on Profile Owner (PO) devices. MaaS360 no longer supports Minimum Passcode
Quality when devices upgrade to MaaS360 for Android app version 7.90+. You must use
Minimum Passcode Complexity to set passcode restrictions for Profile Owner
devices.
|
|
Minimum Passcode Complexity | The minimum password complexity requirement for the screen lock. The
password is applied in the form of predefined complexity buckets (High, Medium, Low, and None).
Users must create a matching or a stronger passcode, but they cannot set a password with a lower
complexity level. Requirements:
Note:
|
|
Allowed idle time (in minutes) before auto-lock | The amount of time the device remains inactive before the device is locked
automatically. Options:
|
|
Number of failed passcode attempts before all data is erased (factory reset) | The number of password attempts that are allowed before the device
is wiped. The range is 0 - 16 attempts. If you leave this field blank or enter a zero in the field, the device remains unlocked and data is not wiped from the device. |
|
Minimum Passcode Length (4 - 16 characters) | The minimum number of characters that are needed for a passcode. The range is 4
- 16 characters. Note: Google deprecated Minimum Passcode Quality and
Minimum Passcode Length for setting passcode on Profile Owner (PO) devices.
MaaS360 no longer supports these deprecated policies when users upgrade to the MaaS360 for Android
app version 7.90+ on Android devices running OS version 12 and later. You must use
Minimum Passcode Complexity to set device and work profile passcode
restrictions for Profile Owner devices.
|
|
Maximum passcode age (in days) | The number of days that can pass before a passcode must be changed. The range is 1 - 999
days. If you leave this field blank or enter a zero in the field, the passcode never expires. |
|
Passcode History | The number of times a unique passcode is used before a older passcode can
be used again. The range is 0 - 99 times. If you leave this field blank or enter a zero in the field, you can reuse a passcode that you previously used on the device. |