Configuring a strong unlock password for an iOS MDM device
These settings apply to supervised devices and devices operating in basic control mode.
To protect iOS MDM device data, configure the unlock password strength settings.
By default, the user can use a simple password. A simple password is a password that contains sequential or repeated characters such as "abcd" or "2222". The user is not required to enter an alphanumeric password that includes special symbols. By default, the password validity period and the number of password entry attempts are not limited.
To configure the unlock password strength settings for an iOS MDM device:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select iOS and go to the Security controls section.
- On the Screen unlock settings card, click Settings.
The Screen unlock settings window opens.
- Enable the settings using the Screen unlock settings toggle switch.
The toggle switch in this card does not enable or disable the corresponding functionality on devices. Enabling the toggle switch lets you configure custom settings. Disabling the toggle switch lets you use default settings.
- Configure the unlock password strength settings:
- To allow the user to use a simple password, select the Allow simple password check box. Even if this check box is cleared, the user can set a password with less than 6 characters.
If only the Allow simple password check box is selected, no password will be requested. To prompt the user to set a password, select both the Allow simple password check box and the Force use of password check box.
- To require use of both letters and numbers in the password, select the Prompt for alphanumeric value check box.
- To require use of a password, select the Force use of password check box. If the check box is cleared, the mobile device can be used without a password.
If the Prompt for alphanumeric value, Minimum password length, or Minimum number of special characters options are enabled, a password is requested even if the Force use of password check box is cleared.
- In the Minimum password length list, select the minimum password length in characters.
- In the Minimum number of special characters list, select the minimum number of special characters in the password (such as "$", "&", "!").
On some iOS MDM devices, if the Minimum number of special characters value is specified and the Allow simple password check box is selected, the device displays information about setting a password of 6 or more characters even though it is possible to set a password of 4 or more characters.
- In the Maximum password lifetime (days) field, specify the period of time in days during which the password will stay current. When this period expires, the iOS MDM Server prompts the user to change the password.
- In the Auto-Lock list, select the amount of time after which Auto-Lock should be enabled on the iOS MDM device. If the mobile device remains idle for this time period, it switches to sleep mode.
On different iOS MDM devices, the actual time of the device's automatic locking may differ from the value that you have specified:
On iPhone devices: if you set Auto-Lock in 10 or 15 minutes, the device will be locked in 5 minutes.
On iPad devices: if you set Auto-Lock in 1 – 4 minutes, the device will be locked in 2 minutes.
For other values the actual time of the device's automatic locking matches the specified time.
- In the Reuse of previous passwords field, specify the number of used passwords (including the current password) that the iOS MDM Server will compare with the new password when the user changes the current password. If the passwords match, the new password is rejected.
- In the Maximum time for unlock without password list, select the amount of time during which the user can unlock the iOS MDM device without entering the password.
- In the Maximum number of failed password attempts, select the number of attempts that the user can make to enter the unlock password on the iOS MDM device.
- To allow the user to use a simple password, select the Allow simple password check box. Even if this check box is cleared, the user can set a password with less than 6 characters.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with the iOS MDM Server.
As a result, once the policy is applied, the iOS MDM Server checks the strength of the password set on the user's mobile device. If the strength of the device unlock password does not comply with the policy, the user is prompted to change the password.