Device passcode profiles secure macOS devices and their content. Choose strict options for high-profile employees, and more flexible options for other devices or for those part of a BYOD program.
If multiple profiles enforce separate policies on a single device, the most restrictive policy is enforced. If your password policy is being managed by your directory for network users logging into the devices, Workspace ONE UEM does not recommend a passcode policy.
- Navigate to Resources > Profiles & Baselines > Profiles and select Add. Select Apple macOS, and then select whether this profile will apply to only the enrollment user on the device (User Profile), or the entire device (Device Profile).
- Configure the profile's General settings.
- Select the Passcode payload.
- Configure Passcode settings:
Require passcode on device Enable mandatory passcode protection. Allow simple value Allow the end user to apply a simple numeric passcode. Require Alphanumeric Value Restrict the end user from using spaces or non-alphanumeric characters in their passcode. Minimum Passcode Length Select the minimum number of characters required in the passcode. Maximum Passcode Age (days) Select the maximum number of days the passcode can be active. Auto-lock (min) Select the amount of time the device can be idle before the screen is locked automatically. Passcode History Enter the number of passwords to store in order to prevent end users from recycling passwords. Maximum Number of Failed Attempts Select the number of failed attempts allowed. If the end user enters an incorrect passcode for the set number of times, the device locks. Delay after failed login attempts Enter the length of the delay in minutes before allowing another chance to login again after the end user has reached the maximum number of failed passcode attempts.
- Select Save & Publish when you are finished to push the profile to devices.
End users are only prompted to change their password if the Workspace ONE Intelligent Hub is installed and the Enforce Passcode check box is selected in the Workspace ONE Intelligent Hub settings in the UEM console. For more information about configuring the Workspace ONE Intelligent Hub, see AirWatch mac Hub.