%3CLINGO-SUB%20id%3D%22lingo-sub-1523578%22%20slang%3D%22en-US%22%3EComing%20Soon%3A%20Outlook%20for%20Android%20support%20for%20Android%2010%20device%20password%20complexity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1523578%22%20slang%3D%22en-US%22%3E%3CP%3EAt%20the%20end%20of%20August%2C%20Outlook%20for%20Android%20will%20roll%20out%20support%20for%20the%20new%20device%20password%20complexity%20functionality%20included%20within%20Android%2010%20and%20later.%3C%2FP%3E%0A%3CP%3EWith%20each%20operating%20system%20version%20release%2C%20Google%20includes%20new%20APIs%20in%20which%20apps%20can%20target%20for%20supporting%20new%20functionality%20offered%20in%20the%20operating%20system%20release.%20Until%20apps%20target%20those%20APIs%2C%20they%20are%20not%20able%20to%20take%20advantage%20of%20that%20functionality.%20When%20Google%20announced%20Android%26nbsp%3B10%20and%20its%20latest%20API%20(API%2029)%2C%20they%20also%20announced%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Edeprecation%20of%26nbsp%3BDevice%26nbsp%3BAdmin%3C%2FA%3E.%26nbsp%3BPrior%20to%20targeting%20Android%2010%2C%26nbsp%3BOutlook%26nbsp%3Bfor%20Android%26nbsp%3Bused%26nbsp%3BDevice%20Admin%20to%20manage%20device%20password%20settings%20defined%20in%20an%20Exchange%20mobile%20device%20mailbox%20policy%3B%20for%20more%20information%20see%2C%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fmanageom%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EManaging%20Outlook%20for%20iOS%20and%20Android%20in%20Exchange%20Online%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EWith%20Outlook%20for%20Android%20targeting%20Android%2010%2C%20when%20a%20user%20launches%20Outlook%20on%20Android%2010%20and%20later%20devices%2C%20Outlook%20queries%20the%20device's%20(or%20the%20work%20profile's)%20screen%20lock%20complexity.%20Android%2010%E2%80%99s%20password%20complexity%20levels%20are%20defined%20as%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E%3CSTRONG%3EPassword%20complexity%20level%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CSTRONG%3EPassword%20requirements%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3ENone%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENo%20password%20requirements%20are%20configured%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3ELow%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EPassword%20can%20be%20a%20pattern%20or%20a%20PIN%20with%20either%20repeating%20(4444)%20or%20ordered%20(1234%2C%204321%2C%202468)%20sequences%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EMedium%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EPasswords%20that%20meet%20one%20of%20the%20following%20criteria%3A%3CBR%20%2F%3E%3CBR%20%2F%3E-%20PIN%20with%20no%20repeating%20(4444)%20or%20ordered%20(1234%2C%204321%2C%202468)%20sequences%20with%20a%20minimum%20length%20of%204%20characters%26nbsp%3B%3CBR%20%2F%3E-%20Alphabetic%20passwords%20with%20a%20minimum%20length%20of%204%20characters%3CBR%20%2F%3E-%20Alphanumeric%20passwords%20with%20a%20minimum%20length%20of%204%20characters%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EHigh%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EPasswords%20that%20meet%20one%20of%20the%20following%20criteria%3A%3CBR%20%2F%3E%3CBR%20%2F%3E-%20PIN%20with%20no%20repeating%20(4444)%20or%20ordered%20(1234%2C%204321%2C%202468)%20sequences%20with%20a%20minimum%20length%20of%208%20characters%3CBR%20%2F%3E-%20Alphabetic%20passwords%20with%20a%20minimum%20length%20of%206%20characters%3CBR%20%2F%3E-%20Alphanumeric%20passwords%20with%20a%20minimum%20length%20of%206%20characters%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20Android%20determines%20that%20Outlook%20requires%20a%20stronger%20screen%20lock%2C%20then%20Outlook%20directs%20the%20user%20to%20the%20system%20screen%20lock%20settings%2C%20allowing%20the%20user%20to%20update%20the%20security%20settings%20to%20become%20compliant%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22OLAndroid10PWD.jpg%22%20style%3D%22width%3A%20711px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205529iFFE7BB87806AD8F0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22OLAndroid10PWD.jpg%22%20alt%3D%22OLAndroid10PWD.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAt%20no%20time%20is%20Outlook%20aware%20of%20the%20user's%20password%3B%20the%20app%20is%20only%20aware%20of%20the%20password%20complexity%20level.%3C%2FP%3E%0A%3CP%3EThe%20specific%26nbsp%3Bpassword%20complexity%26nbsp%3Bcriteria%20and%20conversion%20logic%20used%20for%20translating%20Exchange%20mobile%20mailbox%20device%20policy%20password%20settings%20to%20Android%2010%20password%20complexity%20levels%26nbsp%3Bis%20below%2C%20but%20is%20also%20documented%20in%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fexchange-activesync%2Fmobile-device-mailbox-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMobile%20device%20mailbox%20policies%20in%20Exchange%20Online%3C%2FA%3E%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E%3CSTRONG%3EMobile%20device%20mailbox%20policy%20setting%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CSTRONG%3EAndroid%20password%20complexity%20level%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EPassword%20enabled%20%3D%20false%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENone%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EAllow%20simple%20password%20%3D%20true%3CBR%20%2F%3EMin%20password%20length%20%26lt%3B%204%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ELow%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EAllow%20simple%20password%20%3D%20true%3CBR%20%2F%3EMin%20password%20length%20%26lt%3B%206%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EMedium%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EAllow%20simple%20password%20%3D%20false%3CBR%20%2F%3EAlphanumeric%20password%20required%20%3D%20true%3CBR%20%2F%3EMin%20password%20length%20%26lt%3B%206%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EMedium%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EAllow%20simple%20password%20%3D%20true%3CBR%20%2F%3EMin%20password%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EHigh%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EAllow%20simple%20password%20%3D%20false%3CBR%20%2F%3EAlphanumeric%20password%20required%20%3D%20true%3CBR%20%2F%3EMin%20password%20length%20%26gt%3B%3D%206%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EHigh%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20change%26nbsp%3Bassociated%20with%26nbsp%3BAndroid%2010%26nbsp%3Bwill%20go%20into%20effect%20immediately%20once%20the%20version%20of%20Outlook%20for%20Android%20that%20targets%20Android%2010%20is%20updated%20at%20the%20end%20of%20August.%20For%20devices%20that%20are%20not%20upgraded%20to%20Android%2010%20(Android%209%20and%20below)%2C%20Device%20Admin%20will%20continue%20to%20be%20in%20use%20for%20managing%20the%20device%E2%80%99s%20password%20and%20there%20are%20no%20changes%20to%20Outlook%E2%80%99s%20use%20of%20Device%20Admin%20from%20a%20user%20experience%20perspective.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EWhat%20do%20I%20need%20to%20do%20to%20prepare%20for%20this%20change%3F%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EThere%20is%20nothing%20you%20need%20to%20prepare%20for%20this%20change.%20This%20may%20be%20a%20good%20time%20to%20review%20your%20current%20password%20policies%20for%20mobile%20devices%20and%20mobile%20apps.%20Our%20recommendation%26nbsp%3Bis%20to%20consult%20with%26nbsp%3Byour%26nbsp%3BMicrosoft%20account%20team%26nbsp%3Bon%20the%20right%20security%20solution%20for%26nbsp%3Byour%20organization.%20Depending%20on%20whether%20your%20devices%20are%20company%20owned%20or%20BYOD%2C%20the%20recommendation%20will%20vary.%26nbsp%3BOur%20recommendation%20is%20that%20administrators%26nbsp%3Bdo%20not%20rely%20on%20Exchange%20mobile%20device%20mailbox%20policies%2C%20but%20instead%20use%20a%20mobile%20management%20solution%20such%20as%20Microsoft%20Intune%26nbsp%3Bto%20set%20access%20requirement%20conditions%20appropriate%20for%20your%20organization.%20To%20learn%20more%20visit%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fstartoutlookmobile%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fstartoutlookmobile%3C%2FA%3E.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20also%20recommend%20that%20your%20users%20upgrade%20to%20the%20latest%20version%20of%20Android%20that%20is%20supported%20on%20your%20users%E2%80%99%20phones%20and%20tablets.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EAdditional%20resources%3C%2FFONT%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAndroid%20device%20admin%20deprecation%3C%2FA%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fandroid-fully-managed-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAndroid%20Enterprise%20fully%20managed%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-work-profile-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAndroid%20Enterprise%20work%20profile%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fappdpf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EApp%20Protection%20Policy%20Data%20Protection%20Framework%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fm365goldenconfig%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIdentity%20and%20devices%20access%20configurations%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fsecureom%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecuring%20Outlook%20for%20iOS%20and%20Android%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3ERoss%20Smith%20IV%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1523578%22%20slang%3D%22en-US%22%3E%3CP%3EAt%20the%20end%20of%20August%2C%20Outlook%20for%20Android%20will%20roll%20out%20support%20for%20the%20new%20device%20password%20complexity%20functionality%20included%20within%20Android%2010%20and%20later.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1523578%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emobility%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E

At the end of August, Outlook for Android will roll out support for the new device password complexity functionality included within Android 10 and later.

With each operating system version release, Google includes new APIs in which apps can target for supporting new functionality offered in the operating system release. Until apps target those APIs, they are not able to take advantage of that functionality. When Google announced Android 10 and its latest API (API 29), they also announced deprecation of Device Admin. Prior to targeting Android 10, Outlook for Android used Device Admin to manage device password settings defined in an Exchange mobile device mailbox policy; for more information see, Managing Outlook for iOS and Android in Exchange Online.

With Outlook for Android targeting Android 10, when a user launches Outlook on Android 10 and later devices, Outlook queries the device's (or the work profile's) screen lock complexity. Android 10’s password complexity levels are defined as:

 

Password complexity level

Password requirements

None

No password requirements are configured

Low

Password can be a pattern or a PIN with either repeating (4444) or ordered (1234, 4321, 2468) sequences

Medium

Passwords that meet one of the following criteria:

- PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences with a minimum length of 4 characters 
- Alphabetic passwords with a minimum length of 4 characters
- Alphanumeric passwords with a minimum length of 4 characters

High

Passwords that meet one of the following criteria:

- PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences with a minimum length of 8 characters
- Alphabetic passwords with a minimum length of 6 characters
- Alphanumeric passwords with a minimum length of 6 characters

 

If Android determines that Outlook requires a stronger screen lock, then Outlook directs the user to the system screen lock settings, allowing the user to update the security settings to become compliant:

 

OLAndroid10PWD.jpg

 

At no time is Outlook aware of the user's password; the app is only aware of the password complexity level.

The specific password complexity criteria and conversion logic used for translating Exchange mobile mailbox device policy password settings to Android 10 password complexity levels is below, but is also documented in Mobile device mailbox policies in Exchange Online:

 

Mobile device mailbox policy setting

Android password complexity level

Password enabled = false

None

Allow simple password = true
Min password length < 4

Low

Allow simple password = true
Min password length < 6

Medium

Allow simple password = false
Alphanumeric password required = true
Min password length < 6

Medium

Allow simple password = true
Min password

High

Allow simple password = false
Alphanumeric password required = true
Min password length >= 6

High

 

The change associated with Android 10 will go into effect immediately once the version of Outlook for Android that targets Android 10 is updated at the end of August. For devices that are not upgraded to Android 10 (Android 9 and below), Device Admin will continue to be in use for managing the device’s password and there are no changes to Outlook’s use of Device Admin from a user experience perspective. 

What do I need to do to prepare for this change? 

There is nothing you need to prepare for this change. This may be a good time to review your current password policies for mobile devices and mobile apps. Our recommendation is to consult with your Microsoft account team on the right security solution for your organization. Depending on whether your devices are company owned or BYOD, the recommendation will vary. Our recommendation is that administrators do not rely on Exchange mobile device mailbox policies, but instead use a mobile management solution such as Microsoft Intune to set access requirement conditions appropriate for your organization. To learn more visit https://aka.ms/startoutlookmobile

We also recommend that your users upgrade to the latest version of Android that is supported on your users’ phones and tablets. 

Additional resources

Ross Smith IV