Use a Passcode profile to protect your Windows 10 devices by requiring a passcode each time they return from an idle state. Learn how a Passcode profile with Workspace ONE UEM ensures that all your sensitive corporate information on managed devices remains protected.

Passcodes set using this profile only take effect if the passcode is stricter than existing passcodes. For example, if the existing Microsoft Account passcode requires stricter settings than the Passcode payload requirements, the device continues to use the Microsoft Account passcode.
Important: The Passcode payload does not apply to domain-joined devices.

Procedure

  1. Navigate to Devices > Profiles > List View > Add and select Add Profile.
  2. Select Windows and then select Windows Desktop.
  3. Select Device Profile.
  4. Configure the profile General settings.
  5. Select the Passcode profile.
  6. Configure the Passcode settings:
    Settings Descriptions
    Password Complexity

    Set to Simple or Complex to your preferred level of password difficulty.

    Require Alphanumeric Enable to require the passcode to be an alphanumeric passcode.
    Minimum Password Length Enter the minimum number of characters a Password must contain.
    Maximum Password Age (days) Enter the maximum number of days that may elapse before the end user is required to change the Password.
    Minimum Password Age (days) Enter the minimum number of days that must elapse before the end user is required to change the Password.
    Device Lock Timeout (in Minutes) Enter the number of minutes before the device automatically locks and requires a passcode re-entry.
    Maximum Number of Failed Attempts Enter the maximum number of attempts the end user may enter before the device is restarted.
    Password History (occurrences)

    Enter the number of occurrences a password is remembered.

    If the end user reuses a password within the number of recorded occurrences, they cannot reuse that password.

    For example, if you set the history to 12, an end user cannot reuse the past 12 passwords.

    Expire Password

    Enable to expire the existing password on the device and require a new password to be created.

    Requires Workspace ONE Intelligent Hub to be installed on the device.

    Password Expiration (days) Configure the number of days that a password is valid for before expiring.
    Reversible Encryption for Password Storage

    Enable to set the operating system to store passwords using reversible encryption.

    Storing passwords using reversible encryption is essentially the same as storing plain text versions of the passwords.

    For this reason, do not enable this policy unless application requirements outweigh the need to protect password information.

    Use Protection Agent for Windows 10 Devices Enable to use the Workspace ONE Intelligent Hub to enforce Password profile settings instead of the native DM functionality. Enable this settings if you have issues using the native DM functionality.
  7. Select Save & Publish when you are finished to push the profile to your devices.