Passcode

Use the Passcode settings to enforce the use of a secure passcode to unlock a macOS device.

The following table describes the passcode settings that you can configure on a macOS device:

Policy setting	Description
Enforce Passcode	A password is required to unlock the device.
Allow Simple Passcode	A simple four-digit passcode with consecutive and repeating characters such as 0000 and 1234 is allowed. If this setting is disabled, users must create a complex passcode.
Require Alphanumeric characters in Passcode	The password must contain a combination of both numbers and letters.
Require number of special characters	The minimum number of special characters that must be included in a password. The following special characters are allowed: *, $, &, {, ]
Minimum Passcode Length	The minimum number of characters required in a password.
Maximum Passcode Age	The number of days that can pass before a passcode must be changed. The range is 1 - 365 days. If you leave this field blank, the password never expires.
Allowed Idle Time (in minutes)	The amount of time the device remains inactive before the device is locked automatically.
Failed Attempts allowed before Data Wipe	The number of failed password attempts that are allowed before the device is wiped.
Grace Period for Device Unlock without Passcode in Minutes	The amount of time the device is unlocked after a lock without entering the password. If you select Immediately, users must enter a password to unlock the device as soon as the device is locked. If you select 4 Hours, users can unlock the device without a password until 4 hours after the device is locked.
Number of Unique Passcodes Required Before Reuse Allowed (1-50, or blank)	The number of times a unique passcode is used before an older passcode can be used again. If you leave this field blank, users can reuse a passcode that was previously used on the device.
Reset Passcode on Next Authentication	A passcode reset is required on next authentication.