Skip to content

Repo sync for protected branch #5100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MandiOhlinger merged 7 commits into from
May 18, 2026
Merged

Repo sync for protected branch #5100

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7ef0a0b
Learn Editor: Update ref-device-restrictions-apple.md
beflamm May 14, 2026
fae34a8
Learn Editor: Update ref-device-restrictions-apple.md
beflamm May 14, 2026
53a9d53
Update ref-device-restrictions-apple.md
MandiOhlinger May 14, 2026
8e8d5de
Merge pull request #20202 from beflamm/docs-editor/ref-device-restric…
prmerger-automator[bot] May 14, 2026
165a7c9
Merge pull request #20203 from MicrosoftDocs/main
learn-build-service-prod[bot] May 14, 2026
46bd435
Merging changes synced from https://github.com/MicrosoftDocs/memdocs-…
May 14, 2026
af5f7ed
Merge branch 'main' into main639143769052177428sync_temp
MandiOhlinger May 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions intune/device-configuration/templates/ref-device-restrictions-apple.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Apple device restriction settings in Microsoft Intune
description: Add, configure, or create settings on iOS, iPadOS, and macOS devices to restrict features in Microsoft Intune. Create password requirements, control the locked screen, use built-in apps, add restricted or approved apps, handle bluetooth devices, connect to the cloud for backup and storage, enable kiosk mode, add domains, and control how users interact with the Safari web browser.
ms.date: 04/29/2026
ms.date: 05/14/2026
ms.topic: reference
ms.reviewer: beflamm, jayeren
ms.collection:
Expand Down Expand Up @@ -809,7 +809,8 @@ These settings use the [Passcode payload](https://developer.apple.com/documentat
> [!NOTE]
> The Intune UI for this setting doesn't separate the iOS and iPadOS supported values. The UI might be updated in a future release.

- **Password expiration (days)**: Enter the number of days before the device password must be changed, from 1-730.
- **Password expiration (days)**: Enter the number of days before the device password must be changed, from 1-730. When the password expires, users are prompted to create a new password. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting.

- **Prevent reuse of previous passwords**: Restrict users from creating previous passwords. Enter the number of previously used passwords that can't be used, from 1-24. For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords. When the value is blank, Intune doesn't change or update this setting.
- **Block Touch ID and Face ID unlock**: **Yes** prevents using a fingerprint or face to unlock devices. When set to **Not configured** (default), Intune doesn't change or update this setting. By default, the OS might allow users to unlock devices using biometrics.

Expand Down Expand Up @@ -874,7 +875,7 @@ These settings use the [Passcode payload](https://developer.apple.com/documentat
- **Block simple passwords**: **Yes** prevents using simple passwords, such as `0000` or `1234`. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting. By default, the OS might allow simple passwords.
- **Maximum minutes of inactivity until screen locks**: Enter the length of time devices must be idle before the screen is automatically locked. For example, enter `5` to lock devices after 5 minutes of being idle. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting.
- **Maximum minutes after screen lock before password is required**: Enter the length of time devices must be inactive before a password is required to unlock it. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting.
- **Password expiration (days)**: Enter the number of days until the device password must be changed, from 1-65535. For example, enter `90` to expire the password after 90 days. When the password expires, users are prompted to create a new password. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting.
- **Password expiration (days)**: Enter the number of days until the device password must be changed, from 1-730. For example, enter `90` to expire the password after 90 days. When the password expires, users are prompted to create a new password. When the value is blank or set to **Not configured**, Intune doesn't change or update this setting.
- **Prevent reuse of previous passwords**: Restrict users from creating previously used passwords. Enter the number of previously used passwords that can't be used, from 1-24. For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords. When the value is blank, Intune doesn't change or update this setting.
- **Maximum allowed sign-in attempts**: Enter the maximum number of times that users can consecutively try to sign in before the device locks users out, from 2-11. When this number is exceeded, the device is locked. We recommend not setting this value to a low number, such as `2` or `3`. It's common for users to enter the wrong password. We recommend setting to a higher value.

Expand Down