Set a passcode first then deny changing it

expand collapsive

Hello folks… We are trying to have a system in our org where once a passcode is set in the device then the users shouldn’t be able to change it. We mostly deal with iphones and ipads and want to set a passcode policy that requires 8 digit passcode with 2 complex chara.
Do u guys have any idea how we can do this?

All Replies

  • Hexnode

    Emma Jones

    Moderator

    Hello @emersyn, thank you for reaching out to us! Here’s what you’ve got to do.
    Firstly, create a password policy that suits your requirements by selecting the appropriate configurations. Then, associate the policy with the desired targets.

    Once you’ve applied the policy, users will be prompted at the device end to set a passcode according to the policy. After the user sets the passcode, you can create a new policy to restrict the user from modifying it.

    1. Below iOS tab, configure Advanced restrictions.
    2. For Supervised iOS 9.0+ devices, uncheck Modify passcode to prevent the users from adding, changing or removing the passcode.
    3. Select your Policy targets (Devices/Users/Device groups/User Groups/Domains) and save the policy.Hope this solution works for you. Try it out, and keep me posted on any updates.

      Cheers!
      Emma Jones
      Hexnode UEM

    • This reply was modified 1 month, 2 weeks ago by  Emma Jones.
    • This reply was modified 1 month, 2 weeks ago by  Emma Jones.
    • This reply was modified 1 month, 2 weeks ago by  Emma Jones.
    Solution
  • Participant

    Emersyn

    Participant

    Thank you for that Emma! But honestly this method is quite time consuming and manual. Doing it for 1 or 2 devices is cool but we have a fleet of devices with this requirement so setting passcode policy for all those devices first and after the users set the passcode then setting the policy to restrict passcode change is not ideal.

    Could you suggest any other method we can try out to make the whole process easier?

  • Hexnode

    Emma Jones

    Moderator

    Hey @emersyn, Good to see you again! Thanks for the update.
    As an alternate solution, you could create a smart group to automate the process better.

    1. Under the Manage tab, select Device Groups and create a New dynamic group.
    2. Choose condition filter as ‘Compliance info Password compliance is true.’
    3. Save the group.

    Now configure a password policy as per your requirements and apply it to your desired targets. Also, configure a policy to restrict modifying passcode and apply it to the created dynamic group for password-compliant devices.

    A prompt will be shown at the device end to set the passcode as per the policy. Once the passcode is set, the device becomes compliant, and the restriction to modify the passcode will be applied.

    Hope this answer suits your requirements.

    Regards
    Emma Jones
    Hexnode UEM

  • Participant

    Verbnigge

    Participant

    Hey so I was trying to set passcode policy and then restrict users from modifying passcode. But these messages popped up when I tried to do both. Could you explain why this might be happening?

     

     

  • Hexnode

    Emma Jones

    Moderator

    @verbnigge You’ve got nothing to worry about! You see the message due to the conflict between the passcode policy and modification restriction. If you restrict modifying the passcode, no new passcode can be added. Henceforth, applying a passcode policy opposes restricting the passcode from being modified. Therefore, the error message pops up.

    Configure the passcode and restriction in separate policies and apply as mentioned in the above replies, and you are good to go.

    Looking forward to hearing from you again.

    Cheers!
    Emma Jones
    Hexnode UEM

    • This reply was modified 1 month, 2 weeks ago by  Emma Jones.
    • This reply was modified 1 month, 2 weeks ago by  Emma Jones.