Android: Knox MDM password rules
Android
: Knox
MDM password rulesThe
Knox
MDM password rules set the device password requirements for devices with the following activation types:
- Work and personal - full control(Samsung Knox)
- MDM controls(KnoxMDM)
Devices with these activation types must have a device password.
If you are activating devices with
Android Enterprise
activation types to use Knox Platform for Enterprise
, use the Android
Global password rules. The Samsung Knox
activation types and Knox
MDM IT policy rules will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.The
MDM controls
activation type is deprecated for devices with Android
10. For more information, visit https://support.blackberry.com/community to read article 48386.Rule | Description |
|---|---|
Password requirements | Specify the minimum requirements for the password. You can choose one of the following options:
|
Minimum password length | Specify the minimum length of the password. The password must be at least 4 characters. |
Minimum lowercase letters required in password | Specify the minimum number of lowercase letters that a complex password must contain. |
Minimum uppercase letters required in password | Specify the minimum number of uppercase letters that a complex password must contain. |
Minimum complex characters required in password | Specify the minimum number of complex characters (for example, numbers or symbols) that a complex password must contain. If you set this value to 1, then at least one number is required. If you set a value greater than 1, then at least one number and one symbol are required. |
Maximum character sequence length | Specify the maximum length of an alphabetic sequence that is allowed in an alphabetic, alphanumeric, or complex password. For example, if the alphabetic sequence length is set to 5, the alphabetic sequence "abcde" is allowed but the sequence "abcdef" is not allowed. If set to 0, there are no alphabetic sequence restrictions. |
Maximum inactivity time lock | Specify the maximum period of user inactivity before the device locks (key guard lock). If the device is managed by multiple EMM solutions, the device uses the lowest value as the inactivity period. If the device uses a password, the user must provide the password to unlock the device. If set to 0, the device doesn’t have an inactivity timeout. |
Maximum failed password attempts | Specify the number of times that a user can enter an incorrect password before a device is wiped. |
Password history restriction | Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a recent password. If set to 0, the device does not check previous passwords. |
Password expiration timeout | Specify the maximum amount of time that the device password can be used. After the specified amount of time elapses, the password expires and a user must set a new password. If set to 0, the password does not expire. |
Allow password visibility | Specify whether the device password can be visible when the user is typing it. If this rule is not selected, users and third-party apps cannot change the visibility setting. |
Allow fingerprint authentication | Specify whether the user can use fingerprint authentication for the device. |
For more information about the IT policy password rules, download the Policy Reference Spreadsheet.