This KB explains how to create an MDM payload that enforces password settings for your end-users.
I would like to enforce secure passwords for my end-users. How do I do it?
To create an MDM payload for password settings, first navigate to Policies > Catalog > MDM Configurations and create a new Passcode payload.
As per our Recommended macOS Security Configurations, we have the following suggestions:
- Passwords do not Allow Simple Value - Disable “Allow Simple Passwords”.
- Password requires Alphanumeric Value - Require at least one letter and one number.
- Password History Restriction - Require 3 unique passwords before a password can be reused.
- Password Length Enforced - Require a minimum of 8 characters, up to a maximum length of 16.
- Password Complexity - Enforce at least two “Minimum Number Of Complex Characters”.
- Password Lock after Failed Login Attempts - 10 failed login attempts before locking the device (macOS).
An MDM payload enforcing these suggestions will look like the following:
Once you are done setting up the MDM payload, you can click Create Configuration, add the configuration to a policy, and deploy the changes.
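To check an exported profile against the suggestions above before deploying it, the following added example (not the vendor's own payload or code) audits a `.mobileconfig` file. It assumes the settings map onto Apple's Passcode payload keys (`com.apple.mobiledevice.passwordpolicy`) as shown in `BASELINE`; the 16-character maximum is not checked, and the `com.example.*` identifiers and both sample profiles are constructed.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
# Assumed mapping of the recommendations onto Apple Passcode payload keys.
BASELINE = {
    "allowSimple": ("eq", False),
    "requireAlphanumeric": ("eq", True),
    "pinHistory": ("min", 3),
    "minLength": ("min", 8),
    "minComplexChars": ("min", 2),
    "maxFailedAttempts": ("max", 10),
}

def build_profile(settings):
    """Wrap passcode settings in a minimal unsigned profile (constructed sample)."""
    def meta(ptype, ident):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": ident, "PayloadUUID": str(uuid.uuid4()).upper()}
    payload = {**meta(PASSCODE_TYPE, "com.example.passcode"), **settings}
    profile = {**meta("Configuration", "com.example.profile"), "PayloadContent": [payload]}
    return plistlib.dumps(profile)

def audit_profile(data):
    """Return findings; an empty list means the profile meets the baseline."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no Passcode payload found"]
    findings = []
    for p in payloads:
        for key, (rule, want) in BASELINE.items():
            have = p.get(key)
            if type(have) is not type(want):  # also catches a missing key
                findings.append(f"{key}: missing or wrong type")
                continue
            ok = {"eq": have == want, "min": have >= want, "max": have <= want}[rule]
            if not ok:
                findings.append(f"{key}: {have!r} does not meet {rule} {want!r}")
    return findings

RECOMMENDED = {key: want for key, (_, want) in BASELINE.items()}
WEAK = {**RECOMMENDED, "allowSimple": True, "minLength": 6}  # constructed sample

if __name__ == "__main__":
    print(audit_profile(build_profile(RECOMMENDED)))
    print(audit_profile(build_profile(WEAK)))
```

`audit_profile` expects an unsigned profile; a signed `.mobileconfig` has to be unwrapped to its plist before it can be parsed this way.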
Please Note
- We recommend requiring the password after the device goes to sleep or the screen saver begins. This can be enforced via the Security & Privacy MDM Payload.
- We also recommend deploying a Password Manager to your users so that they can have unique passwords to the sites they visit and the applications they use. We have LastPass in our Public Software catalog, but if you prefer another password manager you can always deploy it via Custom Software.
Now your end-users' devices are more secure!