“Password policies - Work profile” configuration (Android Enterprise work profile policy)
With the Password policies - Work profile configuration, you set requirements for the password to unlock the work profile.
For the password to unlock the display, see “Password policies - Device” configuration (Android Enterprise work profile policy).
Note
Some settings are only available for certain device types or operation system versions. For details, see the labels next to a setting in Sophos Mobile.
In the Password type list, select the type of password users are allowed to configure:
Setting | Description |
---|---|
Pattern, PIN or password | Users must set a screen lock. They can choose a type Pattern, PIN or Password screen lock. No additional restrictions are imposed. |
Simple password | Users must set a Password screen lock. Digits are allowed, but the password must contain at least one letter. You can define a minimum length. See the following table. |
PIN or password | Users must set a PIN or Password screen lock. You can define a minimum length. See the following table. |
Alphanumeric password | Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length. See the following table. |
Complex password | Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length and a minimum number of digits, lowercase and uppercase letters and special characters. See the following two tables. |
Weak biometric recognition | Users are allowed to use weak biometric recognition methods, like face recognition, to unlock the work profile. Weak biometric recognition methods provide similar security as a 3-digit PIN. This means that unauthorized unlocking might happen in 1 of 1000 attempts. |
If you select Simple password, PIN or password, Alphanumeric password or Complex password, the following fields are displayed:
Setting | Description |
---|---|
Minimum password length | The minimum number of characters a password must contain. |
Maximum idle time before password prompt | The time after the work profile is locked if it has not been used. The profile can be unlocked by entering the password. The device might impose a shorter time period than what you configure here. |
Maximum password age in days | Requires users to change their password in the specified interval. Value range: 0 (no password change required) to 730 days. |
Maximum sign-in attempts | The work profile is deleted after this number of incorrect sign-in attempts. |
Password history | The number of previously used passwords Sophos Mobile stores. When the user sets a new password, it mustn’t match a password that was already used. |
If you select Complex password, the following additional fields are displayed:
Setting | Description |
---|---|
Minimum number of letters | The minimum number of letters a password must contain. |
Minimum number of lowercase letters | The minimum number of lowercase letters a password must contain. |
Minimum number of uppercase letters | The minimum number of uppercase letters a password must contain. |
Minimum number of non-alphabetic characters | The minimum number of non-alphabetic characters (for example & or ! ) a password must contain. |
Minimum number of digits | The minimum number of numerals a password must contain. |
Minimum number of special characters | The minimum number of special characters (for example !"§$%&/()=,.-;:_@<> ) a password must contain. |