Android: Knox MDM password rules
KnoxMDM password rules
KnoxMDM password rules set the device password requirements for devices with the following activation types:
- Work and personal - full control(Samsung Knox)
- MDM controls(KnoxMDM)
Devices with these activation types must have a device password.
If you are activating devices with
Android Enterpriseactivation types to use
Knox Platform for Enterprise, use the
AndroidGlobal password rules. The
Samsung Knoxactivation types and
KnoxMDM IT policy rules will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
Specify the minimum requirements for the password. You can choose one of the following options:
Minimum password length
Specify the minimum length of the password. The password must be at least 4 characters.
Minimum lowercase letters required in password
Specify the minimum number of lowercase letters that a complex password must contain.
Minimum uppercase letters required in password
Specify the minimum number of uppercase letters that a complex password must contain.
Minimum complex characters required in password
Specify the minimum number of complex characters (for example, numbers or symbols) that a complex password must contain. If you set this value to 1, then at least one number is required. If you set a value greater than 1, then at least one number and one symbol are required.
Maximum character sequence length
Specify the maximum length of an alphabetic sequence that is allowed in an alphabetic, alphanumeric, or complex password. For example, if the alphabetic sequence length is set to 5, the alphabetic sequence "abcde" is allowed but the sequence "abcdef" is not allowed. If set to 0, there are no alphabetic sequence restrictions.
Maximum inactivity time lock
Specify the maximum period of user inactivity before the device locks (key guard lock). If the device is managed by multiple EMM solutions, the device uses the lowest value as the inactivity period. If the device uses a password, the user must provide the password to unlock the device. If set to 0, the device doesn’t have an inactivity timeout.
Maximum failed password attempts
Specify the number of times that a user can enter an incorrect password before a device is wiped.
Password history restriction
Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a recent password. If set to 0, the device does not check previous passwords.
Password expiration timeout
Specify the maximum amount of time that the device password can be used. After the specified amount of time elapses, the password expires and a user must set a new password. If set to 0, the password does not expire.
Allow password visibility
Specify whether the device password can be visible when the user is typing it. If this rule is not selected, users and third-party apps cannot change the visibility setting.
Allow fingerprint authentication
Specify whether the user can use fingerprint authentication for the device.
For more information about the IT policy password rules, download the Policy Reference Spreadsheet.