The Passcode configuration profile is for controlling the use of device passcode protection, including passcode requirements. When a device has the profile set, the device user must use a passcode meeting the requirements.
For Android devices, it is possible to create separate passcode profiles for the device lock screen and work profile. This article explains how you can set a device-wide passcode policy for managed Android devices.
In case you want to know about passcode for Android work profile, you can read more about it from the related article.
Creating a passcode policy
Follow the next steps to create a passcode policy for the managed Android devices.
1. Go to Management > Configuration profiles and add a new configuration profile by clicking Add > Android > Passcode.
2. Define the passcode requirements.
Complexity requirements (Android 12)
The setting is for devices with Android 12 and above. With the setting, you can define the minimum complexity requirements for the passcode. When configured, the passcode requirements set with other fields will be ignored. The setting is the only option to define device-wide passcode for profile owner devices (Work profile).
Use the Minimum length and Quality requirement fields for the devices with Android 11 or older. You can also use these custom settings for Android 12+ Device owner devices and the work profile lock screen.
With the setting, you can define the minimum length for the passcode.
With the quality requirement setting, you can define the minimum requirements for the passcode. The requirements are in order from the loosest to the strictest. A user can always set a stricter passcode than the minimum requirement.
- Unspecified: No requirements for the passcode. NOTE! The user can disable the passcode completely.
- Something: Requires some kind of a passcode, but doesn't care what it is. Patterns, pin codes, passwords, etc. are all allowed.
- Numeric: A pin code is the loosest passcode type allowed.
- Alphabetic: The user must enter a password containing alphabetic (or other symbols).
- Alphanumeric: Requires a password that is a combination of letters and numbers. May also include symbolic characters.
- Complex: This option requires a password containing at least one letter, a numerical digit, and a special symbol. With this admin can also set other requirements for the password.
It is possible to set a passcode policy separately for the device and the work profile. Choose Target = Device lock screen to set a passcode for the entire device. In case you want to create a passcode for the work profile lock screen, read the separate instructions for it.
This setting is for defining the amount of time until the passcode expires.
Maximum screen lock timeout
Defines the maximum time until the screen is locked if the device is left unattended. The user may set a shorter than maximum timeout for the screen lock.
Administrator can set the number of previous passcodes that cannot be used.
Maximum number of failed attempts
This setting defines the amount of failed unlock attempts before the device gets wiped.
Default passcode and lock screen message
Force unlock passcode - Unlock passcode
Forces a new unlock passcode, which change takes effect immediately. The given password must be sufficient for the defined password requirements, otherwise, it will be rejected.
Set lock screen message - Lock screen message
Enable the lock screen message if you want to display a custom message on the lock screen of Fully managed (Device owner) Android devices. When you enable the setting, the Lock screen message –field is shown for entering the actual message. This feature is supported on Android 7.0 and newer devices.
3. Enter the name and description of the passcode configuration profile to finalize the profile creation.
4. Deploy the configuration profile to the managed Android devices.