Is there anything like iOS passcode policy whereby you get 60 minutes to change your passcode after which you are forced to set a device passcode? On android I can just skip the prompt to create a device passcode and it won't ask me at a later time to create one either thus leaving my device wide open.
Hey Nick we put a compliance policy in place that emails the user if they don't have one set or remove it after that fact. We all users 7 days to fix the violation or we unenroll the device. If someone has a better way of triggering it like you mentioned on iOS I would be interested in hearing about it but so far this has worked for us.
That is a great suggestion but probably not very practical for our use case. Shame Android is still not really up to the standards of IOS when it comes to large scale enterprise deployments.
I'm confused, my Android devices have a passcode profile installed that requires a passcode. Once the profile is applied you can't remove it and you can't disable the passcode in settings. Make sure to set the ' Allow removal' to ' Never' in the profile.
It shows it as installed yes but there is no way to force the setting of the passcode as a user can just press the home button to skip it or it could be surpressed during installation due to another service taking priority thus never showing the user the set device code screen. In an environment like mine with multiple users per device where each of these users handles extremely sensitive data this won't get me through any audits.
To be clear I am not using Knox or any OEM specific profiles.
We have the same issue with our customers... it is possible to ignore the passcode prompt indefinitely and never set a passcode.
Setting up the compliance policy helps, but also annoys the user by sometimes sending a notification before they have even had a chance to setup a passcode.
Have you configured password policy , if so disable the policy , this will only prompt you to change password once since policy is rolled back ,then it wont ask any prompt.
What version of Airwatch you using , cloud /on-prem.
Ok I delved a bit deeper into using compliance policies and one way of doing it would be:
If no passcode present install a profilie witih single app mode set to intelligent hub.
Unfortunately single app mode doesn't seem to be the same as single app mode in IOS and still allows full access to the device. Is single app mode the same as screen pinning or do I need to do something else to lockdown the device?
Hi Nick, did you manage to solve this? We have the same problem, users should change their passcode but can get out of it by pressing the home button. They don't get prompted again and we need to find a way to enforce a passcode change.
