Setting a passcode policy requires your end users to enter a passcode, providing a first layer of defense for sensitive data on devices.

Procedure

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add > Add Profile > Android (Legacy).
  2. Select Device to deploy your profile to a device.
  3. Configure the General profile settings.
  4. Configure the following Passcode settings.
    Setting Description
    Minimum Passcode Length Ensure passcodes are appropriately complex by setting a minimum number of characters.
    Passcode Content

    Ensure the passcode content meets your security requirements by selecting Any, Numeric, Alphanumeric, Alphabetic, orComplex or Fingerprint from the drop-down menu.

    The Fingerprint Authentication is only available on SAFE v5.0+ devices.

    Do not use Fingerprint authentication as a classic password when you are checking security requirements. When you are enabling fingerprint authentication to unlock the device or container, a PIN or password is also required. A PIN or passcode is required for recovery when enabling fingerprint authentication. Two factor authentication is not the default setting for a device or container. You cannot enforce fingerprint authentication without requiring a PIN or passcode.

    Important: For Safe v5.2 and above, if the minimum number of complex characters in the password set by the profile is greater than 4, then at least one lowercase character and one uppercase character are required.
    Note: If the passcode is not compliant, access to company resources, such as email, may be restricted and profiles are removed.
    Pre-Define Passcode

    This setting is only available on Android Work-managed or COPE enrolled devices with Android 8.0 or later and Workspace ONE Intelligent Hub 8.0 or later for Android. Consider Android (Legacy) Device Administrator Migration to Android Enterprise for more control, consistency and better security across all OEM devices.
    Passcode

    This setting is only available on Android Work-managed or COPE enrolled devices with Android 8.0 or later and Workspace ONE Intelligent Hub 8.0 or later for Android. Consider Android (Legacy) Device Administrator Migration to Android Enterprise for more control, consistency and better security across all OEM devices.
    Maximum Number of Failed Attempt Specify the number of attempts allowed before the device is wiped.
    Grace Period for Passcode Change Amount of time prior to the expiration of the passcode that the end user is notified to change their passcode
    Maximum Number of Repeating Characters

    Prevent your end users from entering easily cracked repetitive passcodes like '1111' by setting a maximum number of repeating characters.
    Maximum Length of Numeric Sequences Prevent your end user from entering an easily cracked numeric sequence like 1234 as their passcode.
    Maximum Passcode Age (days Specify the maximum number of days the passcode can be active.
    Passcode History Set the number of times a passcode must be changed before a previous passcode can be used again.
    Device Lock Timeout (in Minutes) Set the period of inactivity before the device screen locks automatically.

    If the device time-out set on the profile is greater than maximum time-out on the device, Workspace ONE Intelligent Hub will not be able set that value for device time-out.
    Enable Passcode Visibility Enable to make the passcode visible to users as it is entered on their devices.
    Allow Fingerprint Unlock Enable to allow users to use their fingerprint to unlock their devices and prevents using fingerprint as the primary method of authentication and instead requires that the end user enter the specified type of password in the profile instead.
    Require Storage Encryption Indicate if internal storage requires encryption.
    Require SD Card Encryption Indicate if the SD card requires encryption.
    Lockscreen Overlay
    Enable to push information to the end user devices and display this information over the lock screen.
    • Image Overlay – Upload images to display over the lock screen. You can upload a primary and secondary image and determine the position and transparency of the images.
    • Company Information – Enter company information to display over the lock screen. This can be used for emergency information in the event the device has been lost or reported stolen.
    The Lockscreen Overlay setting is for Safe 5.0 devices and above only. The Lockscreen Overlay settings remains configured on the device while in use and cannot be changed by the end user.
  5. Select Save & Publish to assign the profile to associated devices.