Password policies configuration (iOS device profile)

With the Password policies configuration you define password rules for devices.

Setting/Field Description
Allow simple value Users are allowed to use sequential or repeated characters in their password, for example 1111 or abcde.
Require alphanumeric value Passwords must contain at least one letter or number.
Minimum password length Specifies the minimum number of characters a password must contain.
Minimum number of complex characters Specifies the minimum number of non-alphanumeric characters (for example & or !) a password must contain.
Maximum password age in days Requires users to change their password in the specified interval. Value range: 0 (no password change required) to 730 days.
Maximum Auto-Lock (in minutes) In this field, you can specify the maximum value the user is allowed to configure on the device. Auto-Lock specifies how soon (in minutes) the device will be locked if it has not been used.
Password history In this field, you can specify how many old passwords are remembered and compared with new ones. When the user defines a new password, it is not accepted if it matches a previously used password. Value range: 1 to 50 or 0 (no password history).
Maximum grace period for device lock In this field, you can specify the maximum value the user is allowed to configure on the device. The grace period for device lock specifies for how long the device can be unlocked after a lock without a password prompt. If you select None, the user can select any of the intervals available. If you select Immediately, users must enter a password every time they unlock their devices.
Maximum number of failed attempts until device wipe In this field, you can specify the maximum number of failed attempts to enter the correct password before the device is wiped. After six failed attempts, a time delay is imposed before a password can be entered again. The delay increases with each failed attempt. After the final failed attempt, all data and settings are securely removed from the device. The time delay starts after the sixth attempt. So if you set this value to 6 or lower, no delay is imposed and the device is wiped when the attempt limit is exceeded.