Passcode Configuration

One of the first things you set up in Ivanti Neurons for MDM (using the startup wizard) is a passcode configuration. This configuration defines settings for the screen lock feature on devices.

Passcode settings

Setting

What To Do

Name

Enter a name that identifies this configuration.

Description

Enter a description that clarifies the purpose of this configuration.

Allow simple values

Restricts whether the PIN or Password contains ordered characters or digits.

 

For iOS, macOS, watchOS, and Android: Select to allow  pin or passcodes that are less secure because they contain repeated, ascending, or descending character sequences.

Examples: 1111, 1234, abcd.

 

Deselecting this option for Android devices will enforce passcodes with complex PINs. For example, users cannot configure repeated, ascending, or descending character sequences.

For Windows 10+: Select to allow passcodes that are less secure because they contain repeated or ascending numeric sequences.

Examples: 1111, 1234

Require alphanumeric value

Requires the passcode to contain at least one letter and one number.

 

For iOS and Android: Select to ensure that passcodes include letters and numbers.

For Windows 10+: Select to ensure a strong password based on Microsoft's standard.

Minimum passcode length

Select a number from the list to set a minimum passcode length.

For Windows 10 Desktop: Local accounts will enforce minimum passcode length 6.

Minimum number of complex characters

For iOS and Android: Select a number from the list to set a minimum number of characters that are not numbers or letters.

For Windows 10+: Local accounts will enforce 3 complex characters.

Maximum passcode age

Enter a number to the number of days after which the device user must reset the passcode. If you do not want to set the a passcode age, then leave this field blank.

Auto-Lock

Select an interval from the list to define how long the device can stay idle before it automatically sets the screen lock.

Any Lock Method

Android only. Allows user choice of any lock method, including pattern unlock. The passcode settings above will not be applied to this device.

Passcode history

Enter a number to set the number of unique passcodes a user must enter before reusing a passcode. For example, if you set this field to 4, then the user must set 4 passcodes before being able to reuse the first passcode.

Grace period for device lock

Select an interval from the list to set the amount of time between the appearance of the lock screen and the point at which the device user needs to enter a passcode to unlock the device.

Maximum number of failed attempts

Select a number from the list to set the number of times the device user can consecutively enter the wrong passcode before the device is reset and wiped.

Warning: Devices will be wiped if the user exceeds the maximum number of password attempts. Use caution with this option.

(macOS Only)

Enable Passcode Regular Expression (macOS 14+)

Specify the expression string that matches with the password to determine whether it matches with the policy.

(macOS Only)

Language

 

Specify the language of the Description.

(macOS Only)

Description

 

Describe the password complexity. For example, numbers, special characters, string, and so on.

(macOS Only)

Enforce passcode rule at next login

Select to enable macOS to prompt the user to change the password to make the password compliant with the password policy next time the user logs in.

By default, this option is not selected.

Applicable for macOS 10.13 and later versions.

(macOS Only)

Minutes until failed login reset

Specify the minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.

Ensure that the Maximum number of failed attempts number is set to enable this field. Available in macOS 10.10 and later.

SmartLock

For Android 5.0 devices except in Android enterprise work profiles:

For Android 6.0 or later:

Allows or disallows a user to choose the SmartLock feature to unlock a device. The SmartLock feature automatically unlocks a device in certain circumstances such as the user's proximity to the device, device at a location, or when the device is paired with a trusted device.

Fingerprint Unlock

For Android 5.0 devices except in Android enterprise work profiles:

For Android 6.0 or later:

Allows or disallows the user to choose Fingerprint to unlock a device.

Lock Screen Notifications (for Android enterprise only)

Enable Notifications for Work Managed Devices (for Device Owner)

Allow or disallow notifications on the lock screen for work managed devices

 

Enable Unredacted Notifications for Work Profile

For Android 6.0 or later:

Allow or disallow unredacted notifications on the lock screen for work profile devices.

After you enable this setting, you will receive the notification but the content appears as 'Content hidden by policy' You can view the content (mail/ push notification) only from the app.

 

For more information, see How to create a configuration