Authors: @Anindita Rath and @Priya Pareta

Introduction
Managing device security across an organization can often feel like a daunting, time-consuming task—especially when it comes to setting passcodes for a large number of devices or frequently onboarding new ones. A new feature enables administrators to set device passcodes through Mobile Device Management (MDM) policies, simplifying this process by automating passcode configurations for multiple devices at once. This not only strengthens security but also drastically reduces administrative time and the potential for human error, which is especially beneficial for organizations with extensive fleets of frontline or kiosk devices.

Previously, administrators could set passcode policies with configurable options such as passcode complexity, minimum character length, and requirements for numeric or non-numeric, allowing users to create their own passcodes based on these rules. Once the policy was applied, users would set their individual passcodes according to the defined criteria. However, with the new functionality, administrators now have the ability to set a common passcode across all devices under the policy. As a result, users will see and use the same passcode for all devices where the policy is applied, simplifying device security management while maintaining uniformity across the organization. This update aligns MaaS360 with industry competitors, offering a significant advantage for customers managing large-scale deployments.

Note: This feature is applicable only for Device Owner mode enrolments or devices, meaning it will only work with devices that are enrolled in Device Owner (DO) mode through MDM. Devices enrolled in other modes will not be affected by this policy.

Use Cases Where Admin Defined Passcode Policies Are Beneficial
Setting Admin Defined Passcode Policies through MDM is especially useful in scenarios such as:

• Large-scale deployments: Organizations with hundreds or thousands of devices benefit from automated passcode configuration.
• Frontline or Kiosk Devices: Ensures consistent security across devices that may be shared by multiple users.
• New Device Enrolment: Automatically applies passcode settings to newly added devices, eliminating the need for manual configuration.
  
  

Key UI Changes and Administrator Steps
With the introduction of the passcode-setting feature via MDM policy, administrators will notice several updates to the user interface (UI). These changes will make configuring device security easier and more efficient:

1. New Passcode Policy Field
A new field will appear under Android Enterprise Settings > Passcode Policy. This field allows administrators to define a specific passcode that will be enforced across all devices.

2. Hide Impacted Fields
When a passcode is set through the MDM policy, fields related to passcode complexity—such as minimum passcode length, history, and age—will be hidden. These fields will no longer be relevant when the passcode is set at the policy level.

3. Checkbox for Show/Hide Options
A new checkbox will provide administrators with the flexibility to toggle the visibility of impacted fields. When checked, it will enforce the passcode settings and hide the associated fields, such as passcode complexity.

These updates help streamline the process of securing devices, ensuring consistency, and reducing administrative workloads when managing large device fleets.

Steps to Set Device Passcodes via MDM Policy
Setting device passcodes through MDM policy is simple and can be done by following these straightforward steps:

1.  Navigate to Android Enterprise Settings
In the MaaS360 portal, go to MDM Policy, click the Edit Policy button, then navigate to Android Enterprise Settings and select Passcode Policy.

2.   Choose to Define Administrator Passcode
A Configure Device Passcode Policy checkbox will appear, giving administrators the option to show or hide the field for entering the administrator passcode. Checking this option will hide various impacted settings, such as passcode complexity options.  

If this checkbox is checked, the following fields will be hidden from the policy:

• Minimum Passcode Complexity
• Minimum Passcode Quality
• Minimum number of numbers (visible when passcode quality is set to "complex")
• Minimum number of letters (visible when passcode quality is set to "complex")
• Minimum number of lowercase letters (visible when passcode quality is set to "complex")
• Minimum number of uppercase letters (visible when passcode quality is set to "complex")
• Minimum number of non-letters (visible when passcode quality is set to "complex")
• Minimum number of complex characters (visible when passcode quality is set to "complex")
• Minimum Passcode Length (4-16 characters)
• Passcode History
• Maximum Passcode Age (in days)

The following fields will remain unaffected and will continue to function as usual:

• Delay for Passcode Prompt After Lock Screen
• Allowed Idle Time Before Auto-Lock (in minutes)
• Allowed Idle Time for Stronger Authentication (in hours)
• Number of Failed Passcode Attempts Before All Data is Erased (0-16)
  
  

3.   Add the Passcode
A new field will appear where administrators can input the desired passcode to be applied across multiple devices. Enter the passcode in the designated field.

4.   Save the Policy

Once the passcode and any necessary settings are configured, save the policy. The defined passcode will then be applied to all Device Owner mode enrolled devices under this policy.

5.   Automatically Apply to New Devices

For any new devices enrolled in Device Owner mode, the passcode will automatically be applied according to the policy, ensuring no manual intervention is required.

By following these steps, administrators can quickly apply a consistent passcode policy across multiple devices, saving time and reducing the risk of human error.

Conclusion

Setting device passcodes through MDM policies greatly enhances both security and efficiency for organizations managing large fleets of devices. By automating the process, administrators can ensure consistent protection across all devices while significantly reducing the manual effort and risk of errors that typically come with manually configuring passcodes. This feature is a valuable addition for organizations seeking to streamline their device management processes and improve overall security.