luvsql
Steel Contributor
Jun 03, 2022

InTune password policy for personal disabling pattern and swipe options

I have a configuration policy set up for personally owned work profile Android devices. I've tried various password types (not using Device Default, as I read that is going away), so I now have it as "Password Required", but the personal side still has key Android features disabled, which it should never do on a personally owned device.

How do we configure this so nothing is changed on personal side other than just requiring the device have any sort of password setup?

  • Oktay Sari
    Iron Contributor

    Hi luvsql, also make sure that you check the Password settings below Work profile settings:

    These settings apply at the device level (the personal profile).

    Remove every value or set it as you require. Then check Required password type. The default is At least numeric. Change this to what you want.

    When you configure a work profile, new settings for your work profile become available and you can configure these settings by going to (on Android)

    • Settings
    • Search for Work Profile
    • Click on Work Profile settings

    One of the important settings is called Use one Lock. When a personally-owned profile is enabled, "One Lock" is configured by default to combine device and work profile passcodes. This makes it easier for users because now they can use the device passcode and don't need to enter a new PIN when switching to the work profile.

    If you want to know more about this, then check out my blog. I think it will help you: Android Enterprise Personally owned devices with a work profile and device PIN (allthingscloud.blog)

    Also did a video around the end-user experience on personal Android devices with work profiles. You can find the video in my blog or jump right to it

    Moe_Kinani hope you don't mind me jumping in 😉 

    • luvsql
      Steel Contributor
      If we can't change the One Lock setting to be disabled, then any setting we set for the work profile overrides the settings for the personal side. I've tried multiple types (Device Default which I've read is being deprecated, at least numeric then just to required) but any setting still has the swipe and pattern disabled on the personal side.

      Is the only way to have a personal side untouched and a work profile configured to have the user manually disable the One Lock option?
      • Moe_Kinani
        Bronze Contributor

        Have you tried Low Security Biometric from Compliance Policy not Restrictions Config Policy?

  • Moe_Kinani
    Bronze Contributor
    It has been a while since I used this setting, but I think when you choose require password for Work profile, then choose require for password type, MSFT will disable the Pattern option, as it is counted as not a secure method.

    You can choose Low Security Biometric which should allow swipe pattern options. 
    Check screenshot attached!
    Hope this helps!

    Moe
