Through Factorial IT, it is possible to enforce the minimum length, required complexity (uppercase letters, numbers, special characters) as well as the frequency of change for session passwords.

Session password renewal is managed by FleetDM and is triggered in two situations:

• When settings are modified in Factorial IT MDM
• A check is performed every 7 days on the device

On MacOS

• Renewal: The system does not require an immediate password reset when this feature is activated but is based on the date of the last modification. Password renewal will then be requested at regular intervals according to the requested configuration.
• Robustness: The system does not require an immediate reset but applies at the next password renewal. You can therefore combine renewal and robustness to ensure a quick update of all session passwords.

About the Screen Lock Policy

Due to a recent change in macOS, the screen lock value enforced by Factorial IT is no longer displayed on the device and is no longer shown as grayed out in System Settings.

This is a macOS-side behavior (UI only), not a change in Factorial IT.

Even though users may appear able to select a different screen lock timeout, the MDM-enforced value still applies and always takes priority.

On Windows

• Renewal:
  • PIN: The system forces the PIN update at the next login if it does not comply.
  • Traditional passwords: The system does not require an immediate password reset when this feature is activated but is based on the date of the last modification. Password renewal will then be requested at regular intervals according to the requested configuration.
• Robustness: The system does not require an immediate reset but applies at the next password renewal. You can therefore combine renewal and robustness to ensure a quick update of all session passwords.