Skip to main content

Platform compatibility

macOSWindowsLinuxiOS / iPadOSAndroid

How to set it up

1

Configure screen lock

Set the Screenlock timeout to define how long a device can be idle before locking.
2

Set password requirements

Configure password strength and renewal settings. Available options vary by platform:macOS
  • Password strength and Allow simple (whether simple passwords are permitted)
  • Password renewal interval
  • Force password change at next login toggle
Enabling Force password change at next login is not recommended if admin accounts are managed by the Admin Management control — it will also enforce a password change for those accounts.
Windows
  • Password strength and Password renewal (under Password Settings)
On Windows, applying password length and complexity rules forces all accounts to change their password at the next sign-in.
iOS / iPadOS
  • Passcode strength
Android
  • Password strength and Password renewal
3

Configure PIN settings (Windows only)

Under PIN Settings, enter your Tenant ID (Windows Azure Active Directory Tenant ID) to enable PIN management. Then set PIN strength and PIN renewal.
If PIN settings are not configured, password policy applies to the PIN as well.
4

Select targeting

Choose which devices to apply the control to: all devices, specific device groups, or a custom target.

Modifying or removing the control

Disable the control from the profile settings. Disabling stops enforcement but does not remove existing configurations from devices.

How it works

macOS

Password and screen lock rules are enforced via MDM. The policy does not require an immediate password reset when first applied — renewal and strength requirements take effect at the next password change cycle.
Due to a macOS behavior, the screen lock value enforced by Primo may not appear grayed out in System Settings. Even if users appear to be able to select a different timeout, the MDM-enforced value always takes priority.
Implicit password requirements on macOS:
  • Cannot contain repeated sequences of the same character (e.g. sss, fff)
  • Cannot use consecutive identical characters
  • Certain keywords and easily guessable patterns are not allowed
Available on macOS 13 and later, except macOS Sonoma 14.0–14.2.

Windows

Password settings and screen lock are enforced via MDM policy. PIN settings require an Azure Active Directory Tenant ID and apply separately from the account password.
  • Password renewal: does not require an immediate reset — based on the last password modification date.
  • PIN renewal: forces the PIN update at the next login if it does not comply.

iOS / iPadOS

Passcode strength and screen lock settings apply to supervised iOS and iPadOS devices.

Android

Screen lock type, password strength, and password renewal are enforced on enrolled Android devices.

Troubleshooting

A new password is being rejected
  • Check for repeated characters (e.g. sss, aaa) or consecutive letters
  • Avoid reserved words or easily guessable patterns
  • Verify the password meets the configured length and complexity rules