Defining device unlock settings

You can define these policy settings only for Android devices.

To keep a mobile device secure, you need to configure the use of a password for which the user is prompted when the device comes out of sleep mode.

You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions by using the Compliance Control component.

On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.

To configure device unlock password strength:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Essential protection.
  3. If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password in the Password protection section.

    If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.

  4. Specify the minimum number of characters in the user password.

    Possible values: 4 to 16 characters.

    The user's password is 4 characters long by default.

    On devices running Android 10.0 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.

    The values for devices running Android 10.0 or later are determined by the following rules:

    • If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN) with no repeating or ordered (e.g. 1234) sequences, or alphanumeric. The PIN or password must be at least 4 characters long.
    • If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN) with no repeating or ordered sequences, or alphanumeric (password). The PIN must be at least 8 digits long; the password must be at least 6 characters long.
  5. If you want the user to have the capability to use fingerprints to unlock the screen, select the Allow use of fingerprints (Android 9 or earlier) check box. If the unlock password is not compliant with corporate security requirements, you cannot use a fingerprint scanner to unlock the screen.

    On devices running Android 10.0 or later, the use of a fingerprint to unlock the screen is not supported.

    Kaspersky Endpoint Security for Android does not restrict the use of a fingerprint scanner for signing in to apps or confirming purchases.

    On certain Samsung devices, it is impossible to block the use of fingerprints for unlocking the screen.

    On certain Samsung devices, if the unlock password does not comply with corporate security requirements, Kaspersky Endpoint Security for Android does not block the use of fingerprints for unlocking the screen.

    After adding a fingerprint in the device settings, the user can unlock the screen by using the following methods:

    • Press the finger to the fingerprint scanner (main method).
    • Enter the unlock password (backup method).
  6. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

Page top