This policy helps secure corporate and personal iOS devices and enforces settings for passcode length, complexity, failed attempts, and more. Devices must be enrolled in MDM to use this policy. After the MDM enrollment profile is installed, the user has 60 minutes to enter a passcode that meets the restrictions in this policy. If the user does not comply within the time limit, the user is forced to change the passcode.
To create a Passcode Restrictions policy for iOS:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the iOS tab.
- Select the Passcode Restrictions policy from the list, then click configure.
- Under Settings, select Allow simple passcodes to enable sequential and repeated characters.
- Select Require alphanumeric to require the user to enter at least one number and one letter.
- Select Force PIN to require the user to enter a passcode to access the iPhone.
- Select Set max failed attempts to set the number of allowed failed attempts to enter the passcode. Valid values include 2-11.
If you don’t change this setting, the passcode time delay increases with each failed attempt and after 6 failed attempts a time delay is imposed before a passcode can be entered again. If you set this value to 6 or lower, no time delay is imposed and all data and settings on the device are securely erased from the iOS device when the attempt limit is exceeded.
- Select Set max grace period to determine when the iPhone can be unlocked again after use, without prompting again for the passcode.
The default is 0, which means there is no grace period and each use requires a passcode.
- Select Set max inactivity to determine how many minutes an unlocked device can be idle before it is locked. Valid values include 1-15.
When the maximum defined number of minutes is reached, the device is locked and the passcode must be re-entered.
- Select Set max PIN age to require a user to change their passcode after a specified number of days. Valid values include 0 – 730 days.
- In the Minimum complex characters field, enter the number of non-alphanumeric characters the passcode must contain. Valid values include 1-4.
A complex character is a character other than a number or letter, such as &, !, and %.
- In the Minimum length field, enter the number of previous passcodes that are remembered and compared. Valid values include 1-50.
A new passcode is not allowed if it matches a previously-used passcode.
- (Optional) Select the Device Groups tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.
- Click save.
After you create and bind an iOS policy to a device, you do not need to activate the policy; every iOS policy is effective immediately.