Category filter

How to set password rules for Android Enterprise container

Passwords are the front line of defense of a device. It helps to prevent unauthorized access to the device’s features and files thereby increasing the security of the device data. Hexnode’s password policy for Android ensures that the device is safe by forcing the users to set a password compliant with the rules specified in the web console.

On devices enrolled in the Android Enterprise, a work profile in addition to a personal profile will be automatically created on the device. All the work-related data will get stored in this work profile or enterprise container on the device. The Android Enterprise container password policy enables the organization to mandate password set up on the device container.

Note:

  • This feature is supported in Android 7.0+ devices enrolled in Profile Owner mode.
  • For devices enrolled in Device Owner mode, you’ll have to configure Device Password.

Configure Android Enterprise container password rules

To configure the Android Enterprise container password,

  1. Login to your Hexnode portal.
  2. Navigate to Policies > New Policy.
  3. Tap on Android > Password > Work Profile Password. Click Configure.
Policy Description
Minimum password complexity Select the minimum password complexity level for devices running Android 12 and above.
It can take Low, Medium, or High levels.
  • Low: The user can choose to set one of the following:
    • Pattern: A simple pattern-based lock connecting a minimum of 4 dots.
    • PIN: A PIN with a minimum length of ‘4’. The PIN can include a repetition of any number(s) like ‘3333’ or consecutive numbers like ‘2345’.
    • Password: A simple password with a minimum length of ‘4’. It can contain alphabets, numbers and special characters. The maximum password length is ’16’.
  • Medium: The user can choose to set one of the following:
    • PIN: A PIN with a minimum length of ‘4’, provided it does not include:
      • more than 3 repetitions of the same number.
      • a combination of 3 consecutive numbers.
    • Password: A password with a minimum length of provided it does not include:
      • more than 3 repetitions of the same alphabet, number or a special character.
      • a combination of 3 consecutive alphabets, or numbers.
  • High: The user can choose to set one of the following:
    • PIN: A PIN with a minimum length of ‘8’, provided that it does not include:
      • more than 3 repetitions of the same number.
      • a combination of 3 consecutive numbers.
    • Password: A password with a minimum length of ‘8’, provided that it does not include:
      • more than 3 repetitions of the same alphabet, number or a special character.
      • a combination of 3 consecutive alphabets, or numbers.
Customize password complexity Select the minimum password complexity level for devices running Android 7.0 through Android 11.0.
  • Password Complexity: Select the type of characters that the user needs to use in a password. The options available are: Simple Value, Numbers, Alphabets, Alphanumeric and Complex Value.
  • Minimum Passcode Length (not applicable if Simple Value password is selected): The minimum length of the password that the user must set. You can choose a length from 4 to 16.
  • Minimum Letter Length (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Uppercase Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of uppercase letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Lowercase Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of lowercase letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum non-Alphabetic Characters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of characters, other than alphabets, that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Numeric Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of numeric letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Symbols (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of special characters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
Password age (in days) The number of days after which the password will expire. The available values are 10, 20, 50, 70, 120, 250, 360, 470, 600, 720. The users need to renew the password before the specified password age. Upon password expiry, the users would have to add a new password.
Auto-lock after Set the amount of idle time before the device is locked automatically. The available values are never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes, 15 minutes. By default, the auto-lock option will be disabled.
Password History (1-50 passcodes) Blocks the users from re-using the password for the specific number of times. You can choose a value in the range 1 and 50. Password history is turned off by default. For instance, the password history is set as 5 and the current password is, say Abcd123!. If the user changes this password, he cannot use this password for the next 5 attempts.
Failed attempts The device data will be wiped automatically if the user enters an incorrect password for the specified number of times. The number of attempts can be 4, 5, 6, 7, 8, 9 or 10.

Associate policy with target entities

After configuring the password policy, the users need to associate the policy with the target device.

To associate the policy with target device,

  1. From the Policy Targets tab, tap on +Add Devices.
  2. Choose the device you wish to associate the policy with and click OK.
  3. Click Save.
  4. You can also choose Device Groups, Users, User Groups or Domain and associate the policy.

If you wish to associate the policy at a later point of time,

  1. Tap on the Policies tab.
  2. Select the policy you wish to associate with the device from the list.
  3. Click on Manage and choose Associate Targets.
  4. Choose the devices you wish to associate the policy with and click Associate.

Setting up container password on the Android device

On the Android device,

  1. Tap on the Hexnode for Work app.
  2. A Set up a new password for work option will be displayed. Click Set Up.
  3. Set the password for the work container and confirm.
  4. Set the desired work profile notifications and click Done.

Note:

The removal of the policy does not remove the password from the device. To remove the password from the device, manually initiate the removal. Navigate to Settings > Lock Screen > Work Profile Lock, enter the work container password and choose None. The settings may be different for different Android device models.

  • Managing 'Android Enterprise' Devices