This article explains two things: how you can set a passcode policy for the Android work profile and how you can reset the passcode remotely.
If you're looking for a way to set passcode complexity requirements for the device lock screen instead, please read the Device passcode policy for Android.
Requirements before you start
- Premium Plan or an active trial.
- You have configured the managed Google Play Enterprise for your Miradore site.
- This feature is supported for Android 7 and newer devices enrolled in the Work Profile mode.
- For Android 5 and 6 devices, the passcode will enforce a single passcode for the entire device.
How to create a passcode policy for the Android Work Profile
You can set a passcode policy separately for the device and for the work profile. To create a passcode policy for the work profile, follow the steps below.
- Go to Management > Configuration profiles and add a new configuration profile by clicking Add > Android > Passcode.
- Define the passcode requirements and set the Target = Work profile lock screen. If you choose "Device lock screen" the policy will require users to set a passcode for the entire device, not only for the work profile. See the description of the different passcode settings from the next section.
- After you have created the profile, you can deploy it to your devices either manually using the "Deploy" button or automatically using business policies.
- Optional step for Android 9.0 and newer devices. If you want, you can prevent the use of the same passcode for the device and for the Work Profile. You can do this with a configuration profile (Android > Restrictions) by setting the Unified passcode = Denied on the Profile owner settings.
Description of passcode configuration options
See below the description of each passcode setting.
Complexity requirement (Android 12)
Use this field to set the passcode requirements in the form of predefined complexity buckets (None, Low, Medium, or High) for the lock screen of the Work Profile. This setting is not applicable to Android 6-11 devices. The complexity buckets are described with more details in the field tooltip.
If you want to define passcode complexity requirements for Android 6-11 devices OR if you want to define custom passcode complexity requirements, instead of using the presets, then use the Minimun length and Quality requirement fields.
Defines the minimum length for the passcode.
Defines the minimum quality requirement for the passcode. The requirements are in order from the loosest to the strictest. A loose requirement always allows for a stricter passcode. For example, if the minimum quality requirement is Numeric (pin code), the end-user can choose to use a more complex password.
- Unspecified: No requirements for the passcode. NOTE! The user can disable the passcode completely.
- Something: Requires some kind of a passcode, but doesn't care what it is. Patterns, pin codes, passwords, etc. are all allowed.
- Numeric: A pin code is the loosest passcode type allowed.
- Alphabetic: The user must enter a password containing alphabetic (or other symbols).
- Alphanumeric: Requires a password that is a combination of letters and numbers. May also include symbolic characters.
- Complex: Requires a password containing at least one letter, one numerical digit, and one special symbol.
Defines whether the passcode configuration is set for the device lock screen or work profile lock screen.
Defines the amount of time until the passcode expires.
Maximum screen lock timeout
Defines the maximum time until the screen is locked if the device is left unattended. The user may set a shorter than maximum timeout for the screen lock.
Defines the number of previous passcodes that cannot be used.
Maximum number of failed attempts
Defines the amount of failed unlock attempts before the work profile gets wiped.
How to reset the passcode of Android Work Profile remotely
Miradore's Reset device passcode action is not applicable to the Android Work profile, but it is possible to reset the work profile passcode remotely as explained in here.
Create a passcode configuration profile for Android and go to the Default passcode and lock screen message tab.
After you have created the profile, distribute the profile to the devices whose passcode you want to reset.
Default passcode and lock screen message settings
Force unlock passcode
Forces the defined unlock passcode to the profile.
Force a new unlock passcode. This change takes effect immediately. The given password must be sufficient for the defined password quality and length constraints. If it does not meet these constraints, then it will be rejected.
When a passcode is enabled, the user is requested to enter his/her passcode when opening work profile apps after the device has been restarted, the device is locked or the lock device command has been deployed.
Set lock screen message
Enable if you want to display a custom message on the lock screen of Fully managed Android devices. This feature is supported on Android 7.0 and newer devices.
Lock screen message
The actual content for the custom lock screen message.