Hello folks… We are trying to have a system in our org where once a passcode is set in the device then the users shouldn’t be able to change it. We mostly deal with iphones and ipads and want to set a passcode policy that requires 8 digit passcode with 2 complex chara.
Do u guys have any idea how we can do this?
Set a passcode first then deny changing itSolved
Replies (6)
Hello @emersyn, thank you for reaching out to us! Here’s what you’ve got to do.
Firstly, create a password policy that suits your requirements by selecting the appropriate configurations. Then, associate the policy with the desired targets.
Once you’ve applied the policy, users will be prompted at the device end to set a passcode according to the policy. After the user sets the passcode, you can create a new policy to restrict the user from modifying it.
- Below iOS tab, configure Advanced restrictions.
- For Supervised iOS 9.0+ devices, uncheck Modify passcode to prevent the users from adding, changing or removing the passcode.
- Select your Policy targets (Devices/Users/Device groups/User Groups/Domains) and save the policy.Hope this solution works for you. Try it out, and keep me posted on any updates.
Cheers!
Emma Jones
Hexnode UEM
Thank you for that Emma! But honestly this method is quite time consuming and manual. Doing it for 1 or 2 devices is cool but we have a fleet of devices with this requirement so setting passcode policy for all those devices first and after the users set the passcode then setting the policy to restrict passcode change is not ideal.
Could you suggest any other method we can try out to make the whole process easier?
Hey @emersyn, Good to see you again! Thanks for the update.
As an alternate solution, you could create a smart group to automate the process better.
1. Under the Manage tab, select Device Groups and create a New dynamic group.
2. Choose condition filter as ‘Compliance info Password compliance is true.’
3. Save the group.
Now configure a password policy as per your requirements and apply it to your desired targets. Also, configure a policy to restrict modifying passcode and apply it to the created dynamic group for password-compliant devices.
A prompt will be shown at the device end to set the passcode as per the policy. Once the passcode is set, the device becomes compliant, and the restriction to modify the passcode will be applied.
Hope this answer suits your requirements.
Regards
Emma Jones
Hexnode UEM
Thank you so much. It’s not exactly perfect but works for us!
Hey so I was trying to set passcode policy and then restrict users from modifying passcode. But these messages popped up when I tried to do both. Could you explain why this might be happening?
@verb You’ve got nothing to worry about! You see the message due to the conflict between the passcode policy and modification restriction. If you restrict modifying the passcode, no new passcode can be added. Henceforth, applying a passcode policy opposes restricting the passcode from being modified. Therefore, the error message pops up.
Configure the passcode and restriction in separate policies and apply as mentioned in the above replies, and you are good to go.
Looking forward to hearing from you again.
Cheers!
Emma Jones
Hexnode UEM