The Passcode MDM Profile provides access to a key that allows anyone to determine the maximum amount of failed login attempts before locking (macOS) or wiping (iOS/iPadOS) a device. Specific details on this key can be read in Apple's documentation found here.
In Addigy, this key is represented as Maximum failed attempts allowed before lock/erase
found within the Passcode MDM profile in our Catalog.
This key is a recommended security configuration by CIS, and as such, we implement this key with both our macOS and iOS/iPadOS Compliance benchmarks.
For macOS, the maximum limit is capped at 5. Once more than 5 attempts are made, the account will be locked.
For iOS/iPadOS, the maximum limit is capped at 6. Once more than 6 attempts are made, the device will be wiped.
If you would not like to include this key in your compliance benchmark, you can clone the benchmark and exclude it. Steps on how to do this can be read in this article: How to clone and customize Pre-built Benchmarks.
If you have any questions or concerns about this MDM key, please do not hesitate to reach out to our Support team.