Configuring a strong unlock password for iOS MDM devices
To protect iOS MDM device data, configure the unlock password strength settings.
By default, the user can use a simple password. A simple password is a password that contains successive or repetitive characters, such as "abcd" or "2222". The user is not required to enter an alphanumeric password that includes special symbols. By default, the password validity period and the number of password entry attempts are not limited.
To configure the strength settings for an iOS MDM device unlock password:
In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
In the workspace of the group, select the Policies tab.
Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
In the policy Properties window, select the Password section.
In the Password settings section, select the Apply settings on device check box.
Configure unlock password strength settings:
To allow the user to use a simple password, select the Allow simple password check box.
To require use of both letters and numbers in the password, select the Prompt for alphanumeric value check box.
To require use of a password, select the Force use of password check box. If the check box is cleared, the mobile device can be used without a password.
In the Minimum password length list, select the minimum password length in characters.
In the Minimum number of special characters list, select the minimum number of special characters in the password (such as "$", "&", "!").
In the Maximum password lifetime field, specify the period of time in days during which the password will stay current. When this period expires, Kaspersky Device Management for iOS prompts the user to change the password.
In the Enable Auto-Lock in list, select the amount of time after which iOS MDM device Auto-Lock should be enabled.
In the Password history field, specify the number of used passwords (including the current password) that Kaspersky Device Management for iOS will compare with the new password when the user changes the old password. If passwords match, the new password is rejected.
In the Maximum time for unlock without password list, select the amount of time during which the user can unlock the iOS MDM device without entering the password.
In the Maximum number of access attempts, select the number of access attempts that the user can make to enter the iOS MDM device unlock password.
Click the Apply button to save the changes you have made.
As a result, once the policy is applied, Kaspersky Device Management for iOS checks the strength of the password set on the user's mobile device. If the strength of the device unlock password does not conform to the policy, the user is prompted to change the password.