“Password policies - Work profile” configuration (Android Enterprise work profile policy)

With the Password policies - Work profile configuration you define requirements for the work profile password. The user must enter that password to open an app when the work profile is locked.

Note The settings supported may depend on the version of the operating system or on other device features. This is indicated by blue labels in Sophos Mobile Admin.

Password type

In the Password type list, select the type of password users are allowed to configure:

Setting

Description

Pattern, PIN or password

Users must set a screen lock. They can choose a type Pattern, PIN or Password screen lock. No additional restrictions are imposed.

Simple password

Users must set a Password screen lock. Digits are allowed, but the password must contain at least one letter. You can define a minimum length. See the following table.

PIN or password

Users must set a PIN or Password screen lock. You can define a minimum length. See the following table.

Alphanumeric password

Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length. See the following table.

Complex password

Users must set a Password screen lock. The password must contain both letters and digits. You can define a minimum length and a minimum number of digits, lowercase and uppercase letters and special characters. See the following two tables.

Weak biometric recognition

Users are allowed to use weak biometric recognition methods, like face recognition, to unlock the work profile.
Note Weak biometric recognition methods provide similar security as a 3-digit PIN. This means that unauthorized unlocking might happen in 1 of 1000 attempts.

If you select Simple password, PIN or password, Alphanumeric password or Complex password, the following fields are displayed:

Setting

Description

Minimum password length

The minimum number of characters a password must contain.

Maximum idle time before password prompt

The time after the work profile is locked if it has not been used. The profile can be unlocked by entering the password.

Note The device might impose a shorter time period than what you configure here.

Maximum password age in days

Requires users to change their password in the specified interval. Value range: 0 (no password change required) to 730 days.

Maximum sign-in attempts

The work profile is deleted after this number of incorrect sign-in attempts.

Password history

The number of previously used passwords Sophos Mobile stores.

When the user sets a new password, it mustn’t match a password that was already used.

If you select Complex password, the following additional fields are displayed:

Setting

Description

Minimum number of letters

The minimum number of letters a password must contain.

Minimum number of lowercase letters

The minimum number of lowercase letters a password must contain.

Minimum number of uppercase letters

The minimum number of uppercase letters a password must contain.

Minimum number of non-alphabetic characters

The minimum number of non-alphabetic characters (for example & or !) a password must contain.

Minimum number of digits

The minimum number of numerals a password must contain.

Minimum number of special characters

The minimum number of special characters (for example !"§$%&/()=,.-;:_@<>) a password must contain.