Device passcode policy for Android

The passcode configuration profile is for controlling the use of device passcode protection, including passcode requirements. When a device has the profile set, the device user must use a passcode to meet the requirements.

For Android devices, it is possible to create separate passcode profiles for the device lock screen and work profile. This article explains how you can set a device-wide passcode policy for managed Android devices.

Read more about passcode for Android work profiles.

Creating a passcode policy

Follow these steps to create a passcode policy for the managed Android devices.

1. Go to Management > Configuration profiles and add a new configuration profile by clicking Add > Android > Passcode.

2. Define the passcode requirements.

3. Enter the name and description of the passcode configuration profile to finalize the profile creation.

4. Deploy the configuration profile to the managed Android devices.

Passcode requirements

Complexity requirements (Android 12)

The setting is for devices with Android 12 and above. With the setting, you can define the minimum complexity requirements for the passcode. When configured, the passcode requirements set with other fields will be ignored. The setting is the only option to define device-wide passcode for profile owner devices (Work profile).

Use the Minimum length and Quality requirement fields for devices with Android 11 or older. You can also use these custom settings for Android 12+ Device owner devices and the work profile lock screen.

Minimum length

With the setting, you can define the minimum length for the passcode.

Quality requirement

With the quality requirement setting, you can define the minimum requirements for the passcode. The requirements are in order from the loosest to the strictest. A user can always set a stricter passcode than the minimum requirement.

• Unspecified: No requirements for the passcode. Please note that the user can disable the passcode completely.
• Something: Requires some kind of a passcode, but doesn't care what it is. Patterns, pin codes, passwords, etc. are all allowed.
• Numeric: A pin code is the least complex passcode type allowed.
• Alphabetic: The user must enter a password containing alphabetic values (or other symbols).
• Alphanumeric: Requires a password that is a combination of letters and numbers. May also include symbolic characters.
• Complex: This option requires a password containing at least one letter, a numerical digit, and a special symbol. With this admin can also set other requirements for the password.

Passcode settings

Target

It is possible to set a passcode policy separately for the device and the work profile. Choose Target = Device lock screen to set a passcode for the entire device. In case you want to create a passcode for the work profile lock screen, read the separate instructions for it.

Expiration age

This setting is for defining the time before the passcode expires.

Maximum screen lock timeout

Defines the maximum time until the screen is locked if the device is left unattended. The user may set a shorter than maximum timeout for the screen lock.

History restriction

The administrator can set the number of previous passcodes that cannot be used.

Maximum number of failed attempts

This setting defines the amount of failed unlock attempts before the device gets wiped.

Default passcode and lock screen message

Force unlock passcode - Unlock passcode

Forces a new unlock passcode, which change takes effect immediately. The given password must be sufficient for the defined password requirements, otherwise, it will be rejected.

Set lock screen message - Lock screen message

Enable the lock screen message if you want to display a custom message on the lock screen of Fully managed (Device owner) Android devices. When you enable the setting, the Lock screen message –field is shown for entering the actual message. This feature is supported on Android 7.0 and newer devices.