Password Policies for Mac (macOS) Devices

Securing enterprise Mac devices is a very important aspect of managing them. A quality password acts as first line of defense in protection against unattended access and stolen/lost devices.

Scalefusion helps you define a password policy, that can be applied to the devices thereby forcing the users to create a password that complies with your organizational policies. In this document, we will walkthrough on how to configure and publish a password policy.

Password Policy

Creating a Password Policy

  1. Navigate to Enterprise > Passcode Policy and click on the Android, iOS and Mac tab.
  2. Enable Require Passcode to start defining the password policy.
  3. The table below show the Password options applicable for Mac (macOS) devices,
    1. Setting


      Known Behavior

      Require Passcode

      Enable this setting if you want to enforce a password.

      Select Passcode Type

      Choose between Numeric & Alphanumeric.

      Minimum Passcode Length

      Select a minimum passcode length that is enforced.

      Accepted values are between 6 to 15.

      Enforce Complex Passcode

      Select if you want the password to contain Symbols

      Select Password Expiry (in days)

      Select an optimal period after which the password should expire and user is enforced to set a password.

      Maximum Password History List

      Choose an optimal value on how often user can repeat the passwords once they expire.

      Maximum Failed Attempts to Factory Reset

      Select an optimal value for unsuccessful attempts after which the account will be locked.

      After maximum failed attempts, Mac device is locked & a message is shown that the "Account has been blocked, contact your administrator".

      Set Maximum Inactivity time

      Select a time interval of inactivity after which the device will auto-lock and ask for a password.

  4. Click SAVE once you have set the password policy.

Publishing a Password Policy

  1. Once you have created a password policy, you can publish it to the Device Profiles. To do so, navigate to Enterprise > Passcode Policy and click on APPLY.
  1. Select the Device Profile(s) where you want to apply the policy on and click on SUBMIT.
Please make sure that Allow Password Change is enabled under macOS Device Profile > Restrictions > Security & Privacy.

End User Experience

The Password policy takes effect or is enforced in the following two cases,

  1. When the users subsequently login to the Mac device.
  2. When the user attempts to Change Password from System Preferences.

How did we do?