“Password policies - Device” configuration (Android Enterprise work profile policy)

With the Password policies - Device configuration, you set requirements for the password to unlock the display. Note that these requirements apply to the whole device and aren’t limited to the work profile.

For the password to unlock the work profile, see “Password policies - Work profile” configuration (Android Enterprise work profile policy).

There are different settings depending on the Android version.

Android 12 and later

With Android 12, Google has simplified the configuration of password complexity requirements. You can choose from three levels, Low, Medium, and High, each with fixed complexity rules.

In the Minimum password complexity list, select the minimum complexity level that the display lock password must meet.

| Setting | Description |
| --- | --- |
| No requirements | There are no password restrictions. |
| Low | The password must be a Pattern or PIN. |
| Medium | Allowed password types: a PIN with four digits or more, with no repeating (4444) or ordered (1234, 4321, 2468) sequences; an alphabetic or alphanumeric password with four characters or more. |
| High | Allowed password types: a PIN with eight digits or more, with no repeating (4444) or ordered (1234, 4321, 2468) sequences; an alphabetic or alphanumeric password with six characters or more. |
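
The levels in the table above, written as a checker that returns the highest level a PIN or password meets. This is an added example, not Sophos Mobile or Android code. It assumes that a "repeating or ordered sequence" is any run of four or more digits with a constant step (0 for 4444, 1 for 1234, -1 for 4321, 2 for 2468), generalized from the page's examples, and that a password is any string containing a letter; the function names and sample values are constructed.

```python
import re

# Levels in ascending order, named as in the Minimum password complexity list.
LEVELS = ["No requirements", "Low", "Medium", "High"]

def longest_run(pin: str) -> int:
    """Length of the longest run of digits with a constant step.

    Step 0 is a repeating run (4444); a non-zero step is an ordered
    run (1234, 4321, 2468).
    """
    best = run = 1
    prev_step = None
    for a, b in zip(pin, pin[1:]):
        step = int(b) - int(a)
        run = run + 1 if step == prev_step else 2
        prev_step = step
        best = max(best, run)
    return best

def complexity_level(secret: str) -> str:
    """Highest level of the Android 12 table that `secret` satisfies."""
    if secret.isascii() and secret.isdigit():      # PIN
        # Assumption: a run counts as a sequence from four digits up.
        if longest_run(secret) >= 4:
            return "Low"
        if len(secret) >= 8:
            return "High"
        if len(secret) >= 4:
            return "Medium"
        return "Low"
    if re.search(r"[A-Za-z]", secret):             # alphabetic or alphanumeric
        if len(secret) >= 6:
            return "High"
        if len(secret) >= 4:
            return "Medium"
    # The table's Low row lists only Pattern or PIN, so a short password
    # satisfies nothing above "No requirements".
    return "No requirements"

def meets(secret: str, minimum: str) -> bool:
    """True if `secret` satisfies the configured minimum complexity."""
    return LEVELS.index(complexity_level(secret)) >= LEVELS.index(minimum)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    for s in ["4444", "2468", "1593", "12345908", "15937260", "ab12", "abc123"]:
        print(f"{s:10} -> {complexity_level(s)}")
```

Under this reading, an eight-digit PIN that contains an ordered run anywhere (12345908) drops to Low, so length alone does not reach High.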

Android 11 and earlier

In the Password type list, select the type of password users are allowed to configure:

| Setting | Description |
| --- | --- |
| Pattern, PIN or password | Users must set a screen lock. They can choose a Pattern, PIN or Password screen lock. No additional restrictions are imposed. |
| Simple password | Users must set a Password screen lock. Digits are allowed, but the password must contain at least one letter. You can define a minimum length. See the following table. |
| PIN or password | Users must set a PIN or Password screen lock. You can define a minimum length. See the following table. |
| Alphanumeric password | Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length. See the following table. |
| Complex password | Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length and a minimum number of digits, lowercase and uppercase letters and special characters. See the following two tables. |

If you select Simple password, PIN or password, Alphanumeric password or Complex password, the following fields are displayed:

| Setting | Description |
| --- | --- |
| Minimum password length | The minimum number of characters a password must contain. |
| Maximum idle time before password prompt | The time after which the device is locked if it has not been used. The device can then be unlocked by entering the password. The device might impose a shorter time period than what you configure here. |
| Maximum password age in days | Requires users to change their password in the specified interval. Value range: 0 (no password change required) to 730 days. |
| Maximum sign-in attempts | The device is wiped after this number of incorrect sign-in attempts. |
| Password history | The number of previously used passwords Sophos Mobile stores. When the user sets a new password, it mustn’t match a password that was already used. |

If you select Complex password, the following additional fields are displayed:

| Setting | Description |
| --- | --- |
| Minimum number of letters | The minimum number of letters a password must contain. |
| Minimum number of lowercase letters | The minimum number of lowercase letters a password must contain. |
| Minimum number of uppercase letters | The minimum number of uppercase letters a password must contain. |
| Minimum number of non-alphabetic characters | The minimum number of non-alphabetic characters (for example & or !) a password must contain. |
| Minimum number of digits | The minimum number of numerals a password must contain. |
| Minimum number of special characters | The minimum number of special characters (for example !"§$%&/()=,.-;:_@<>) a password must contain. |