Passcode for Android work profile
This article instructs you on how you can set a passcode policy for the Android work profile and how you can reset the passcode remotely.
If you're looking for a way to set passcode complexity requirements for the device lock screen instead, please read the Device passcode policy for Android.
Requirements
- You have configured the managed Google Play Enterprise for your GoTo Resolve MDM site.
- This feature is supported for Android 7 and newer devices enrolled in the Work Profile mode.
- For Android 5 and 6 devices, the passcode will enforce a single passcode for the entire device.
How to create a passcode policy for the Android Work Profile?
You can set a passcode policy separately for the device and for the work profile. To create a passcode policy for the work profile, follow the steps below.
- Go to and add a new configuration profile by clicking Add > Android > Passcode.
- Define the passcode requirements and set the Target = Work profile lock screen. If you choose "Device lock screen" the policy will require users to set a passcode for the entire device, not only for the work profile. See the description of the different passcode settings in the next section.
The layout of the screen may look different in the product. - After you have created the profile, you can deploy it to your devices either manually using the "Deploy" button or automatically using business policies.
- Optional step for Android 9.0 and newer devices. If you want, you can prevent the use of the same passcode for the device and for the Work Profile. You can do this with a configuration profile (Android > Restrictions) by setting the Unified passcode = Denied on the Profile owner settings.
The layout of the screen may look different in the product.
Description of passcode configuration options
See below the description of each passcode setting.
Passcode requirements
- Complexity requirement (Android 12)
-
Use this field to set the passcode requirements in the form of predefined complexity buckets (None, Low, Medium, or High) for the lock screen of the Work Profile. This setting is not applicable to Android 6-11 devices. The complexity buckets are described with more details in the field tooltip.
If you want to define passcode complexity requirements for Android 6-11 devices OR if you want to define custom passcode complexity requirements, instead of using the presets, then use the Minimun length and Quality requirement fields.
- Minimum length
-
Defines the minimum length for the passcode.
- Quality requirement
-
Defines the minimum quality requirement for the passcode. The requirements are in order from the loosest to the strictest. A loose requirement always allows for a stricter passcode. For example, if the minimum quality requirement is
Numeric (pin code), the end-user can choose to use a more complex password.
- Unspecified: No requirements for the passcode. Please note that the user can disable the passcode completely.
- Something: Requires some kind of a passcode, but doesn't matter what it is. Patterns, pin codes, passwords, etc. are all allowed.
- Numeric: A pin code is the loosest passcode type allowed.
- Alphabetic: The user must enter a password containing alphabetic characters (or other symbols).
- Alphanumeric: Requires a password that is a combination of letters and numbers. May also include symbolic characters.
- Complex: Requires a password containing at least one letter, one numerical digit, and one special symbol.
Passcode settings
- Target
- Defines whether the passcode configuration is set for the device lock screen or work profile lock screen.
- Expiration age
- Defines the amount of time until the passcode expires.
- Maximum screen lock timeout
- Defines the maximum time until the screen is locked if the device is left unattended. The user may set a shorter than maximum timeout for the screen lock.
- History restriction
- Defines the number of previous passcodes that cannot be used.
- Maximum number of failed attempts
- Defines the amount of failed unlock attempts before the work profile gets wiped.
How to reset the passcode of the Android Work Profile remotely?
GoTo Resolve MDM's Reset device passcode action is not applicable to the Android Work profile, but it is possible to reset the work profile passcode remotely.
To do so create a passcode configuration profile for Android and go to the Default passcode and lock screen message tab.
Check Force unlock passcode and enter the passcode to the Unlock passcode field.
After you have created the profile, distribute the profile to the devices whose passcode you want to reset.
Default passcode and lock screen message settings
- Force unlock passcode
- Forces the defined unlock passcode to the profile.
- Unlock passcode
-
Force a new unlock passcode. This change takes effect immediately. The given password must be sufficient for the defined password quality and length constraints. If it does not meet these constraints it will be rejected.
When a passcode is enabled, the user is requested to enter their passcode when opening work profile apps after the device has been restarted, the device is locked or the lock device command has been deployed.
- Set lock screen message
- Enable if you want to display a custom message on the lock screen of Fully managed Android devices. This feature is supported on Android 7.0 and newer devices.
- Lock screen message
- The actual content for the custom lock screen message.