Passcode (Declarative)

The Passcode profile configuration enables you to set authentication requirements for declaratively managed Apple devices. You do this when:

Restriction: This feature is unavailable for Shared iPads.
Feature Details
Require alphanumeric passcode When enabled, the passcode must have at least one alphabetical character and at least one number.
Require complex passcode When enabled, the passcode must meet the following conditions:
  • Adjacent characters are not repeating, increasing, or decreasing.
    • XXX is not permitted (repeating)
    • 123 is not permitted (increasing)
    • CBA is not permitted (decreasing)
  • Contain at least one non-alphabetical character OR one non-numeric character
Minimum special characters The passcode must have a minimum number of special characters. A special character is a character that's not a number or a letter. Such as
  • &
  • %
  • $
  • #
Choose from 0—4 special characters.
Minimum length The minimum number of characters a passcode can have. Choose from a length of 0—16 characters.
Maximum passcode age The maximum number of days before the device user must change the passcode. After the device exceeds this limit, the system automatically locks the device.
Restriction: You can choose from 0—730 days only.
Enable maximum failed attempts before wipe Enable this setting to automatically wipe the device data after a failed number of passcode unlock attempts.

Choose from 2—11 Maximum number of failed attempts.

You can also set a Reset timeout after max. failed login attempts starting from 0 minutes.

Maximum grace period The maximum number of idle minutes before the device locks itself.

Choose from at least 0 minutes. 0 means no grace period, and the device immediately requires a passcode.
Enable automatic device lock When enabled, the device automatically locks after being idle. The device user must then use the passcode to unlock. Choose from 0 to 15 minutes before automatic device lock.
Passcode reuse limit

The number of past password entries that the device saves. Choose from 1—50 entries. When the user attempts to change the passcode, the device compares the new password with all past password entries. If the new password is the same as a past password entry, the device denies the password.
Force passcode update When enabled, the device forces a passcode reset when the user tries to authenticate.
Use regular expression When enabled, the passcode must comply with a specified regular expression. When a regular expression conflicts with any of the other passcode settings, the regular expression take precedence.
Restriction: This feature is not supported for iOS devices.