Passcode Policy Payload

Payload that enforces password/passcode requirements on managed devices (length, complexity, rotation, etc.). Critical for securing device access and encryption keys.

What to Know

Passcode policies are the first line of defense against unauthorized physical access to devices and encrypted data. Strong passcode requirements prevent attackers from easily guessing or brute-forcing device access, while grace period settings balance security with user convenience. The passcode also protects FileVault encryption keys on macOS and enables data protection features on iOS, making it critical for overall device security.

Without enforced passcode policies, users often choose weak, easily guessable passwords like “1234” or reuse passwords across services. Compliance frameworks including NIST, CIS, and industry-specific standards require documented passcode policies and technical enforcement mechanisms.

Common Scenarios

Enterprise IT: Enforcing minimum 8-character alphanumeric passcodes with 15-minute lock screens on corporate devices accessing email, VPN, and cloud applications. IT adjusts policies based on device classification—executive devices may require stronger passcodes than general-purpose kiosks.

MSP: Implementing client-specific passcode policies that align with industry requirements. Healthcare clients may require 60-day password rotation while financial services clients enforce complex 10-character minimum requirements. MSPs document policy variations for compliance audits.

Education: Balancing security with usability by enforcing 6-digit numeric passcodes on student iPads while requiring more complex passcodes on faculty devices with access to student records. Schools typically use longer grace periods to reduce classroom disruption.

In Addigy

Addigy’s Passcode Policy configuration provides granular controls for length, character requirements, history, expiration, and grace periods. Addigy templates common policy configurations and validates settings to prevent impossible requirements. Admins can view passcode compliance status for each device and generate reports showing non-compliant devices.

When passcode policies change, Addigy provides user-facing notifications explaining new requirements and deadlines for compliance. Addigy tracks when users comply with updated policies and can escalate enforcement for devices that remain non-compliant after grace periods expire.