7.5 Editing Mobile Security Policy Settings

Based on the security level selected while creating a Mobile Security policy, the settings as predefined by ZENworks can be viewed or edited by performing the steps elaborated in this section.

7.5.1 Procedure

  1. In ZENworks Control Center, navigate to the Policies section.

  2. Click the Mobile Security Policy whose content you want to edit.

  3. Click the Details tab, and edit the settings.

    Corporate/Personal: The settings in the Corporate column are applied to devices whose ownership is defined as Corporate. The settings in the Personal column are applied to devices whose ownership is defined as Personal. The settings use the following values:

    • Yes: Enables the setting.

    • No: Disables the setting.

    • Inherit: Inherits the setting value from other Mobile Security policies assigned higher in the policy hierarchy. For example, if you assign this policy to a device, the setting value is inherited from any Mobile Security policy assigned to groups and folders of which the device is a member. If a setting value is not inherited from another Mobile Security policy, the device’s default value is used.

    • Numeric value: Configures the setting with the numeric value provided by you.

    Platform Support: The platform columns show support for a setting. The platforms are:

    • Android

    • iOS

    • ActiveSync

    Password: The Password settings are listed in increasing order of complexity (strictness). If more than one setting applies to a device, the more complex (strict) setting is enforced. Using the example values provided in the table below, the following settings would be applied:

    • Android: The Require numeric complex password setting for Android 5.0 and higher.

    • iOS: The Require simple password setting.

    • ActiveSync: The Require simple password setting.

    Setting

    Description

    Example

    Platform Support

    Require password

    Requires a password to unlock the device.

    Yes

    Require biometric weak password

    Requires at least low-security biometric recognition technology that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000).

    No

    Require simple password

    Allows the password to include repeating characters such as (0000) or sequential characters such as (abcd).

    This setting behaves differently on Android and iOS devices. For Android devices, the strictest rule gets applied. However, for iOS devices, the rule that is applied is cumulative of all the set rules.

    Yes

    Minimum password length

    Specifies the minimum number of characters required for the password.

    8

    Require numeric password

    Requires the password to contain numbers. Other characters (letters and symbols) are optional.

    No

    Require numeric complex password

    Requires the password to contain numbers, with no repeating numbers (4444) or sequential numbers (1234). Other characters (letters and symbols) are optional.

    Yes

    Require alphabetic password

    Requires the password to contain letters (or symbols). Other characters (numbers) are optional.

    No

    Require alphanumeric password

    Requires the password to contain letters (or symbols) and numbers.

    No

    Require complex password

    Requires the password to contain letters, numbers, and symbols.

    Inherit

    Minimum complex character types

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of character types the complex password must contain. Character types are defined as:

    • Lowercase alphabetical characters

    • Uppercase alphabetical characters

    • Numbers

    • Non-alphanumeric characters

    2

    Minimum complex characters required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of characters required for the complex password.

    2

    Minimum letters required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of letters that must be included in the complex password.

    1

    Minimum numbers required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of numbers that must be included in the complex password.

    1

    Minimum lowercase letters required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of lowercase letters (abcd) that must be included in the complex password.

    1

    Minimum uppercase letters required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of uppercase letters (ABCD) that must be included in the complex password.

    1

    Minimum nonletters required

    Applies only if Require complex password is set to Yes or Inherit.

    Specifies the minimum number of numbers or symbols that must be included in the complex password.

    2

    Require password expiration

    Requires the password to expire within a specified number of days.

    Yes

    Password expiration (days)

    Applies only if Require device password expiration is set to Yes.

    Specifies the number of days after which the password expires and must be changed. For example, if set to 30, the password expires after 30 days and must be changed.

    30

    Require password history

    Requires a history of used passwords to be stored in order to prevent immediate reuse of passwords.

    Yes

    Number of passwords stored

    Applies only if Require device password history is set to Yes.

    Specifies the number of passwords stored in the history. For example, if set to 5, the last 5 passwords cannot be reused.

    3

    NOTE:In this policy, even when you specify the minimum password length as a value that is less than 6, an iOS device (version 11 or newer), to which this policy is assigned, prompts for a password length of minimum 6 characters. However, the device accepts a password length that is less than 6 characters, as specified in the policy.

    Encryption: Not all Encryption settings apply to all device platforms. In addition, the setting support can vary from version to version within a platform.

    Setting

    Description

    Platform Support

    Require encryption on the device

    Requires content stored on the device to be encrypted.

    Require encryption on the storage card

    Requires content on the storage card to be encrypted.

    Device Inactivity: Not all Device Inactivity settings apply to all device platforms. In addition, setting support can vary from version to version within a platform.

    Setting

    Description

    Platform Support

    Require inactivity lock

    Requires the device to be locked after it has been inactive for a specified period of time.

    Maximum inactivity timeout (minutes)

    Applies only if Require inactivity lock is set to Yes.

    Specifies the maximum number of minutes the user can set for the inactivity lock. For example, if set to 5, the user can set the inactivity timeout up to 5 minutes.

    Wipe device on failed number of unlock attempts

    Wipes the device data after a specified number of failed attempts to unlock the device.

    Maximum number of unlock attempts

    Applies only if Wipe device on failed number of unlock attempts is set to Yes.

    Specifies the number of failed attempts to unlock the device that is allowed before the device data is wiped. For example, if set to 10, the device is wiped after the 10th failed attempt.

    Configure time period after which passcode is required

    Enables you to define when a passcode is required after a period of inactivity.

    Display the passcode screen on unlock

    Displays the passcode at the specified time period, after a period of inactivity. For example, if set to After 5 minutes, the passcode is displayed after 5 minutes of inactivity.

  4. Click Apply.

  5. Click Publish to display the Publish Option page. In this page you can publish the modified policy as a new version of the same policy or as a new policy.

For more information on the Profile Security tab, see Securing the Device.