2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'


This recommendation pertains to the amount of time after the device has been locked that it may be unlocked without entering a passcode. Devices with TouchID enabled do not allow a grace period.

Setting the maximum grace period to immediately ensures that a locked device will never be accessible without TouchID or entering a passcode.


1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Passcode tab.
4. In the right windowpane, set the Maximum grace period for device lock to Immediately.
5. Deploy the Configuration Profile.

See Also