SOTI Pulse Logo

Maximum passcode age on iOS

N
Nicolas
cepo

Hello !

We have set up a reactive profile for iOS. I want to enforce the use of a passcode on the iPhone, but without it expiring. In Configurations > Passcode, I have therefore selected a minimum length, but there is also the ‘maximum passcode age’ setting, which, according to the documentation, accepts values from 0 to 730... but I cannot select 0. If I enter ‘0’, it reverts to ‘1’, and the passcode needs to be changed every day... I simply want to disable the expiry, but this does not seem to be possible. Does anyone know why, whether I am doing something wrong or if it is a bug? I wanted to add a screenshot to this post but I keep getting a 400 error :-)

I should point out that we are not yet Mobicontrol customers; we are currently in a trial period on a trial licence, which expires in a few days, so I cannot create a ticket. Thank you 

Edited 2 days ago
SOTI MobiControl
ANSWERS
RS
Rafael Schäfer
yesterday (edited yesterday)

The minimum is 1: https://developer.apple.com/documentation/devicemanagement/passcode

maxPINAgeInDays
integer

The number of days for which the passcode can remain unchanged. After this number of days, the system forces the user to change the passcode before it unlocks the device.

Minimum: 1
Maximum: 730

Not sure if the MDM could "not send" this option to avoid setting it but this should be a question from you to your trial contact at Soti and would most likely then a feature request to be made to make this option to be turned on/off.
I would guess yes, as no "default" setting is defined in the documentation but for others.

 

Btw: Yes, i also get always http400 error when trying to upload a picture or insert it by Copy&Paste.

N
Nicolas
yesterday

Thank you Rafael for your very quick reply!

So I understand that this is a limitation on Apple’s side once the “maxPINAgeInDays” parameter is sent. However, I believe (based on the documentation) that this parameter is not mandatory and that Mobicontrol might not send it?

In other words, there could be an option to tick or untick the expiry setting. (Or allow the option to be set to ‘0’, and if the user enters 0, this parameter is not sent). We currently use Sophos as our MDM to manage iPhones, and there is indeed an option that specifies ‘Maximum password validity in days (1 to 730 or 0 for unlimited)’, and this works because the lock codes do not expire for us. In my view, this should therefore also be possible on the Mobicontrol side, but in that case I understand that it would require development and therefore a support ticket

RS
Rafael Schäfer
yesterday

At least looks for me like that.

I'm not an apple guy and also not from Soti so can't tell by sure but including your experience with Sophos it sounds like fitting my assumption. And i think it's worth mentioning for you, if you speak to your trial contact from Soti, if this is a "killing" missing feature, if they could make it happen (maybe even within the 730 days, so you can start with 730 days and when it gets in place, remove it), ideally soon as this change sounds relatively easy to implement but Soti can tell you that better than I😁.

Similar Discussions