Topic
This article provides instructions for using the Passcode section for Apple MDM policies.
Environment
- NinjaOne and Apple mobile device management
- iOS
- iPadOS
- macOS MDM
Description
Click the Enabled toggle switch to allow configuration for password values, lock after failed attempts, passcode criteria and update requirements, and auto-lock settings.
Select a category to learn more:
- Require alphanumeric value
- Allow simple passcode
- Maximum number of failed attempts
- Maximum passcode age (days)
- Maximum grace period for device lock
- Minimum number of complex characters
- Minimum passcode length
- Passcode history
- Maximum auto-lock
- Additional Resources
Require alphanumeric value
Enforces using numbers (123) and alphabetical characters (Abc).
Allow simple passcode
A simple passcode contains repeated or increasing/decreasing characters (123 or CBA).
Maximum number of failed attempts
The number of allowed failed attempts when entering the passcode at the device's lock screen. After six failed attempts, the policy imposes a delay before the user can attempt a passcode again, and the length of the delay increases with each attempt.
Maximum passcode age (days)
The number of days for which the passcode can remain unchanged. After this time, the user must change the passcode before unlocking the device. The passcode will not time out if set to zero (0).
Maximum grace period for device lock
The grace period is the period during which the user can unlock the phone without entering a passcode. When the grace period expires, the system auto-locks the device, and the user receives a prompt to enter their passcode.
Minimum number of complex characters
A complex (or "special") character is a character other than a number or a letter, such as & % $ #.
Minimum passcode length
Enforce passwords to use a minimum number of characters in a password. This parameter is independent of the optional "Minimum number of complex characters" setting.
Passcode history
The number set here defines the number of passcode entries the user can apply before creating a new, unique passcode.
For example, if you set this requirement to "3," then a user can reset their password to something they used in the past up to three times before they need to apply different characters.
Maximum auto-lock
The number of minutes the device can be idle before the system locks it, and the user must enter their passcode. Users can edit this setting on their device, but the value cannot exceed the policy setting.