Skip Navigation

Android
:
Knox
MDM password rules

The
Knox
MDM password rules set the device password requirements for devices with the following activation types:
  • Work and personal - full control
    (
    Samsung Knox
    )
  • MDM controls
    (
    Knox
    MDM)
Devices with these activation types must have a device password.
If you are activating devices with
Android Enterprise
activation types to use
Knox Platform for Enterprise
, use the
Android
Global password rules. The
Samsung Knox
activation types and
Knox
MDM IT policy rules will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
The
MDM controls
activation type is deprecated for devices with
Android
10. For more information, visit https://support.blackberry.com/community to read article 48386.
Rule
Description
Password requirements
Specify the minimum requirements for the password. You can choose one of the following options:
  • Numeric - the password must include at least one number
  • Alphabetic - the password must include at least one letter
  • Alphanumeric - the password must include at least one letter and one number
  • Complex - allows you to set specific requirements for different character types
Minimum password length
Specify the minimum length of the password. The password must be at least 4 characters.
Minimum lowercase letters required in password
Specify the minimum number of lowercase letters that a complex password must contain.
Minimum uppercase letters required in password
Specify the minimum number of uppercase letters that a complex password must contain.
Minimum complex characters required in password
Specify the minimum number of complex characters (for example, numbers or symbols) that a complex password must contain. If you set this value to 1, then at least one number is required. If you set a value greater than 1, then at least one number and one symbol are required.
Maximum character sequence length
Specify the maximum length of an alphabetic sequence that is allowed in an alphabetic, alphanumeric, or complex password. For example, if the alphabetic sequence length is set to 5, the alphabetic sequence "abcde" is allowed but the sequence "abcdef" is not allowed. If set to 0, there are no alphabetic sequence restrictions.
Maximum inactivity time lock
Specify the maximum period of user inactivity before the device locks (key guard lock). If the device is managed by multiple EMM solutions, the device uses the lowest value as the inactivity period. If the device uses a password, the user must provide the password to unlock the device. If set to 0, the device doesn’t have an inactivity timeout.
Maximum failed password attempts
Specify the number of times that a user can enter an incorrect password before a device is wiped.
Password history restriction
Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a recent password. If set to 0, the device does not check previous passwords.
Password expiration timeout
Specify the maximum amount of time that the device password can be used. After the specified amount of time elapses, the password expires and a user must set a new password. If set to 0, the password does not expire.
Allow password visibility
Specify whether the device password can be visible when the user is typing it. If this rule is not selected, users and third-party apps cannot change the visibility setting.
Allow fingerprint authentication
Specify whether the user can use fingerprint authentication for the device.
For more information about the IT policy password rules, download the Policy Reference Spreadsheet.