Category filter

Password policy for Android devices

A password policy enforces mandated passcode rules for the users to set passwords on their devices. Hexnode’s MDM solution offers a wide range of parameters to configure a password policy for Android devices. Thus, by enforcing a strong password policy, administrators can ensure that their users abide by the enforced passcode rules and generate stronger passwords on their devices. Organizations can make sure that any devices that fail to meet the applied password policy requirements will be marked as non-compliant on the MDM console.


  • The Password policy is available on Pro, Enterprise, Ultimate, or Ultra pricing plans.
  • For devices enrolled in the Android Enterprise program as Profile Owner, a secondary password requirement (Work Profile Password) can also be set up to access the corporate applications within the work profile.

Configure password policy for Android devices via MDM

To set up a password policy,

  1. Log in to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy or create a new one by clicking New Policy.
  4. From Android > Password > select Device Password and click Configure.

  • On devices running Android 10 and above, only the options ‘Failed attempts’ and ‘Auto-lock after-’ will work on non-Android Enterprise devices.

You’ll have the following options to be configured.

Hexnode MDM password policy for Android devices

Password Settings Description
Password Requirement Select the type of characters that the user needs to use in a passcode. It can take simple value, numbers, alphabets, alphanumeric or complex value. The default value is ‘simple value’.

Certain Android devices may force the user to set the alphabet values even if the requirement is set as Numbers alone.

Minimum Passcode Length

(not applicable if simple valued password is selected)

The length of the passcode which the users need to set. The allowed values are from 4 to 16.
Password Age (in days) The number of days before which the passcode needs to be changed. It can take values as Never, 10, 20, 50, 70, 120, 250, 360, 470, 600 or 720. If 20 is set, then the passcode will expire after 20 days. The user should change their passcode before that.
Auto-lock after Set the amount of idle time before the device is locked automatically. The available values are never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes and 15 minutes. By default, the auto-lock will be disabled. If 5 minutes is set and the device is idle for 5 minutes, the device will be locked automatically.
Passcode History Passcode history is set to block the users from reusing the password for a specific number of times. From 1 to 50 passcodes can be set. Passcode history is turned off by default. Consider the value set as 5. A user’s current passcode is abcd1234. If he changes this passcode, the current passcode cannot be used for the next 5 times.
Failed Attempts Hexnode UEM will reset the device to factory settings if the user enters an incorrect password more than the specified number of attempts. The number of attempts can be 4, 5, 6, 7, 8, 9 or 10.
Minimum Letter Length

(applicable only if a password with complex value is required to be entered by the user)

The minimum number of letters the users need to have in their passcode. 1, 2, 3, 4 or 5 are the values that can be set on the console.
Minimum Uppercase Letters

(applicable only if a password with complex value is required to be entered by the user)

This is the minimum number of uppercase letters that should be in the user’s passcode. Values can be 1, 2, 3, 4 or 5.
Minimum Lowercase Letters

(applicable only if a password with complex value is required to be entered by the user)

Select from 1, 2, 3, 4 or 5, the minimum number of lowercase letters that the users should provide in their device passcode.
Minimum Non-alphabetic Characters

(applicable only if a password with complex value is required to be entered by the user)

Provide here the minimum number of characters other than alphabets that the passcode should contain. Choose from 1, 2, 3, 4 and 5.
Minimum Numeric Letters

(applicable only if a password with complex value is required to be entered by the user)

1, 2, 3, 4 or 5, select the minimum numbers that the passcode should include.
Minimum Symbols

(applicable only if a password with complex value is required to be entered by the user)

The minimum number of special characters required in a passcode. Choose 1, 2, 3, 4 or 5 special characters.

Associate Policies with Devices

If the policy has not yet been saved,

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Click on Save to apply the policies to devices.

Apart from devices, you can also associate the policies with device groups, users, user groups, or domains from Policy Targets.

If the policy has been saved, you can associate it with another method.

  1. From Policies, check the policies to be associated.
  2. Click on Manage > Associate Targets and select the device.
  3. Click on Associate to apply the policy to the devices.

What happens at the device end?

Once the password policy is associated with the device, Hexnode notifies the user if the device has no password or if the set device password is not compliant with the organization’s rules. Clicking on “CONTINUE” will take the user to the page to set up the device password. If the user chooses the option, “ASK LATER,” the prompt will disappear momentarily and reappear after some time.

Prompt message on Android devices after applying password policy.

  • Managing Android Devices