Filter
Top Products
22 Chapter 2 Creating and Deploying Configuration Profiles
To sign a profile, click Apply Signature in the Signature section of the General pane.
In the Configuration Signing window that appears, add the digital certificates necessary
to authenticate your signature. (Certificates in raw formats 1 and 12 are supported.)
Then select your private key file and click Sign. The certificate you select here isn’t
added to the device, and is only used to verify your signature. For information about
how to add certificates to the device, see “Credentials Settings” on page 25.
Once you sign a profile, you cannot modify it until you remove the signature.
Click Remove Signature in the General Pane to do so.
Passcode Settings
Use this pane to set device policies if you aren’t using Exchange passcode policies.
You can specify whether a passcode is required in order to use the device, as well as
specify characteristics of the passcode and how often it must be changed. When the
configuration profile is loaded, the user is immediately required to enter a passcode
that meets the policies you select or the profile will not be installed.
If you’re using both device policies and Exchange passcode policies, the two sets of
policies are merged and the strictest of the settings is enforced. See “Microsoft
Exchange ActiveSync” on page 6 for information about Exchange policies.
The following policies are available:
 Require passcode on device: Requires users to enter a passcode before using the
device. Otherwise, anyone who has the device can access all of its functions and
data.
 Allow simple value: Permits users to use repetitive characters in their passcodes.
For example, this would allow the passcodes to “3333” or “A4A4.”
 Require alphanumeric value: Requires that the passcode consist of both letters and
numbers.
 Minimum passcode length: Specifies the smallest number of characters a passcode
can contain.
 Minimum number of complex characters: The number of non-alphanumeric characters
(such as $, &, and !) that the passcode must contain.
 Maximum number of failed attempts: By default, after six failed passcode attempts,
the device imposes a time delay before a passcode can be entered again. The time
delay increases with each failed attempt. After the eleventh failed attempt, the
device is locked and must be reauthorized using iTunes. The value you select
determines how many failed passcode attempts can be made before the device is
locked and requires reauthorization. The passcode time delays always begin after the
sixth attempt, so if you set this value to 6 or lower, no time delays are imposed and
the device locks when the attempt value is exceeded. You cannot specify a value
greater than 11—the device always locks if the user fails to enter the correct
passcode 11 times in succession.