Devices managed by Workspace ONE UEM and enrolled through the Apple Device Enrollment Program can receive security measures to protect corporate data on Workspace ONE productivity applications and Third-party applications leveraging Workspace ONE SDK.

Maximum App Passcode Attempts

You can configure your Workspace ONE productivity applications and Third-party applications leveraging Workspace ONE SDK to require the end user to enter a passcode to access app on the device. You can also set a maximum number of attempts to enter the passcode correctly. If this feature is enabled and a user exceeds the maximum device passcode attempts, regular Bring Your Own Devices (BYOD) perform enterprise wipe, while corporate dedicated DEP devices are quarantined and the devices lock into Lost Mode. A device in Lost Mode can only be unlocked from the UEM console. This way corporate dedicated DEP assets continue to be managed from the UEM console for tracking purposes while the user is locked out of the device.

To configure the app passcode settings, navigate to Groups & Settings > All Settings > Apps > Security Policies in the UEM console.

For more information, see Create or Edit the DEP Enrollment Profile.

Workspace ONE Intelligent Hub Unenroll Protection

If an end user attempts to unenroll a supervised DEP device through the Workspace ONE Intelligent Hub, the device locks into Lost Mode. A device in Lost Mode can only be unlocked from the UEM console.

For more information, see Perform Remote Actions on All Devices.