Passcode Profiles

By Vicky Munsell

Learn how to deploy Passcode settings inside Kandji.

Kandji's Passcode settings profile allows you as an administrator to define the expectations and complexity required on users' local account passwords. These profiles help you improve and enforce security standards, and maintain password hygiene across your fleet of managed devices.

You can deploy Passcode profiles to macOS, iOS, and iPadOS devices.

Conditions you can configure based on device type.

Here's a matrix of options available across the different Apple device types.

 macOSiOStvOS
Require Passcode:white_check_mark::white_check_mark::white_check_mark:
Disallow Simple Passcode:white_check_mark::white_check_mark::white_check_mark:
Require Alphanumeric Passcode:white_check_mark::white_check_mark::white_check_mark:
Minimum Passcode Length:white_check_mark::white_check_mark::white_check_mark:
Minimum Complex Characters:white_check_mark::white_check_mark::white_check_mark:
Max Passcode Age:white_check_mark::white_check_mark::white_check_mark:
Passcode History / Repetition:white_check_mark::white_check_mark::white_check_mark:
Require after Sleep / Screen Saver / Lock:white_check_mark::white_check_mark::white_check_mark:

Start Screen Saver After Timer

(macOS Feature)

:white_check_mark::cross_mark::cross_mark:
Maximum failed attempts before account lockout
(macOS Feature)
:white_check_mark::cross_mark::cross_mark:
Account lockout duration
(macOS Feature)
:white_check_mark::cross_mark::cross_mark:
Force password reset
(macOS Feature)
:white_check_mark::cross_mark::cross_mark:
Maximum available Auto-Lock delay
(iOS / iPadOS Feature)
:cross_mark::white_check_mark::white_check_mark:

Maximum Failed Attempts before Erasing Device

(iOS / iPadOS Feature)

:cross_mark::white_check_mark::white_check_mark:

:cross_mark: limited to specific device types such as macOS, iOS and iPadOS.

 
Create a Passcode Profile 

Log in to your Kandji instance before performing the next steps. 

  1. Create a Passcode Profile in Kandji by selecting Library > Add New > Passcode > Add & Configure 

  2. Enter a unique name

  3. Select your desired Blueprints

  4. Configure your requirements based on device type

  5. Click Save

Important considerations 

Force Resetting Passwords on macOS

If you need to force users to reset their macOS login password, you can use the Passcode Library item and the Force password reset option to trigger a password reset on their next login.

Enabling this option will prompt all users, including users that have a password that does meet the password complexity requirements, on the Mac to reset their password, and will be enforced only once. You can re-select the option in the future if you need to force another reset.

We strongly recommended alerting your users before this option is deployed to ensure they will be prepared for the prompt. 

Enrolling existing devices with Passcode profiles set

If you are adding new devices into your Kandji instance, be mindful that the user password may have never changed which could conflict with the Max Passcode Age option. Be sure to advise your users on what to expect, or consider distributing a Passcode profile out to your organization at a later date.