Category filter

How to remotely Lock a Device

The remote device lock is a security feature provided by Hexnode UEM. Hexnode allows IT administrators to remotely lock their client’s devices if they get lost or stolen. Thus, it ensures that only the users who know the password can access the device. This helps prevent unauthorized access to the devices. This feature is supported on Android, iOS, macOS, Linux, and Windows devices.

On Android and iOS devices, you can also set a message to be shown on the lock screen. If the device is found missing, you can lock the device and leave a message and a phone number on the locked screen. This message and the phone number can guide the people who find the device back to its owner.

Apart from remotely locking devices, you can also secure your Android device with a Device Password and the work container in it with a Work Profile Password. Hexnode also allows you to mandate device passcode on your iOS, macOS, Linux, and Windows devices.

Enforce password policy

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies.
  3. Select an existing policy or create a new one by clicking on New Policy.
  4. Under the required platform section (iOS/Android/Windows/Linux/macOS), click on Passcode or Password (varies with the platform).
  5. Select the password requirements and save the policy.
  6. Associate the policy to target devices.
Notes:

  • In iOS, the end-users will get an hour to set a passcode as per the requirements. If they fail to set a passcode within that time, then the device will be locked, and the users are only allowed to access the passcode configuration page.
  • For Android devices, a prompt appears on the device. Click on Continue and set the password in accordance with the configured policy.


    Remotely lock devices after enforcing password policy for Android devices via MDM
  • On a Windows PC, the user will be asked to change the password on the next login to meet the requirements set by the organization.
  • For macOS/Linux devices, the password requirement set by the policy will be reflected only when the user tries to change the password after applying the policy.

Remotely Locking the Device

To initiate an instant remote lock, you can follow either of these methods.

Notes:

  • A passcode should be set up on iOS devices to display a custom message on the lock screen.
  • Custom messages and Phone number can be displayed only on Android and iOS devices.
  • System lock PIN is a 6-digit code that you configure in the portal itself. This doesn’t have to be the Mac passcode. Users have to enter this PIN to unlock their Mac devices.
Exception:

  • On macOS devices with Silicon chip, if this action is initiated from the portal when a password policy is applied with the option Change password at next login enabled, then the admin password cannot be used to unlock the device. The device needs to be wiped or disenrolled for the user to log in to the device again.
  • macOS devices will go into an indefinite lock state if the wrong System Lock PIN is entered repeatedly. Apple has introduced this feature to ensure data security in the event of device theft.

Method 1

  1. Go to the Manage tab.
  2. Select the device/devices that you want to lock.
  3. From Actions, select Lock Device.
  4. Provide a custom message, phone number (both are optional) to be displayed on the iOS and Android lock screen. Specify the System lock PIN if you are locking a Mac.
  5. Click Continue.

Method 2

  1. Go to Manage.
  2. Click on the device name, this will take you to the device details page.
  3. From Actions, select Lock Device.
  4. Provide a custom message, phone number if you are locking an iOS or Android device. Specify the System lock PIN if you are locking a macOS device.
  5. Click Continue.

However, these two methods are the same, the only difference is the location from which the Lock Device option is accessed.

What happens at the device end?

  • iOS – The remote ‘Lock Device’ action will lock the device’s screen. The user should enter the correct passcode to unlock the screen.
  • Android – The screen gets locked, and only the user with the correct password can unlock the device.
  • Windows – The action will lock the device’s screen. The user should provide the correct password before the Windows device can be unlocked and used again. In case the lock action is performed on a device that does not have a password, the action fails, displaying an error message on the portal.
  • Linux – The action will lock the device’s screen. The user should provide the password before the device can be unlocked and used again.
  • Mac – The device gets restarted, and the user is asked to enter the System lock PIN to log in to the device.

Auto-lock using Policies

Automatic screen lock can be enabled by configuring it via a Password policy. The device will be locked automatically if the device is idle for a specified amount of time.

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies.
  3. Select an existing policy or create a new one by clicking on New Policy.

Now, follow the instructions as per the device platform.

iOS

  • From iOS, select Passcode > Auto lock.
  • The available options are Never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes, or 15 minutes.

Android

  • From Android, select Device Password/Work Profile Password > Auto lock after.
  • It can take the values Never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes, or 15 minutes.

Windows

  • From Windows, select Password > Auto lock.
  • Choose the required value from 0-99 minutes.
Note:


Lumia 950 and 950 XL auto-locks after 5 minutes, regardless of the value set in this policy.

macOS

  • From macOS, select Passcode > Auto lock.
  • You can set the value as Never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes, or 15 minutes.
Note:

Locking a Mac with an Apple Silicon processor running macOS 11.5 (or earlier) deactivates it. To unlock it, make sure the device is connected to the internet and enter the administrator username and password for a user who has Secure Token enabled.

Associate the policy with target devices

If the policy has not yet been saved,

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Click on Save to apply the policies to devices.

Apart from devices, you can also associate the policies with device groups, users, user groups and domains from Policy Targets.

If the policy has been saved, you can associate it with another method.

  1. From Policies, check the policies to be associated.
  2. Click on Manage > Associate Targets and select the device.
  3. Click on Associate to apply the policy with the devices.
  • Remote Actions