Best Practice
A Balanced Approach
While each MSP must decide on this balance, Octiga recommends a balanced approach so that security is maximised without generating too many support tickets from your clients' employees who cannot access their emails. Further, it helps greatly if your clients find this balance palatable so that security is achieved without having to roll back the policy.
Octiga's built-in Best Practice is designed to achieve this.
Important Settings
Our suggested best practice settings and the very reasonable arguments for them:
Require Device Encryption: ENABLED
This sounds more heavyweight than it is. Almost all modern devices support encryption, and it is a great way to ensure that if a mobile device is lost and the memory is accessed directly (via the SD card), no data can be read.
Password Complexity: 4 Digits
A PIN, pattern, thumbprint or passcode should be a must to protect sensitive email. We suggest not making this too onerous. Most will use our default of four digits, as personal PINs are traditionally four digits and many people won't wish to change this. However, some MSPs/organisations may choose to run with 6.
Device Lock: Enabled
A device must have an automatic lock, so that anyone who obtains the device is quickly prompted for the security credentials (PIN/fingerprint).
Allow Simple Passwords: Disabled
Many people will wish to use extremely simple PINs such as 1234, 1111 or 9999 so that frequent device access is simplified. This should be avoided, as malicious actors will try these first. Not allowing simple PINs is the most common reason that this policy will cause users to complain that they cannot access their mail after it is deployed. Our suggestion is to stick with this one. It is a reasonable ask for the sake of security.
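The four settings above can be checked across client tenants with a short script. This is an added example, not Octiga's code: the field names, the sample policies and the definition of a "simple" PIN (one repeated digit, or a straight run up or down, with 9 wrapping to 0) are assumptions made for illustration.

```python
# Added example. Field names are hypothetical, not Octiga's or any vendor's schema.
# Each baseline entry: setting -> (check function, human-readable expectation).
BASELINE = {
    "require_device_encryption": (lambda v: v is True, "True"),
    "min_pin_length": (lambda v: isinstance(v, int) and v >= 4, ">= 4"),
    "device_lock_enabled": (lambda v: v is True, "True"),
    "allow_simple_passwords": (lambda v: v is False, "False"),
}


def is_simple_pin(pin):
    """True if the PIN is one repeated digit or a straight run up or down.

    Assumption for this example: 7890 and 0987 count as runs (9 wraps to 0).
    """
    if not pin.isdigit():
        raise ValueError("numeric PINs only")
    # Difference between neighbouring digits, modulo 10: 0 = repeat,
    # 1 = ascending run, 9 = descending run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return len(steps) <= 1 and steps <= {0, 1, 9}


def audit_policy(policy):
    """Return one finding per setting that deviates from the baseline."""
    findings = []
    for key, (ok, expected) in BASELINE.items():
        value = policy.get(key)  # a missing setting counts as a deviation
        if not ok(value):
            findings.append(f"{key}: found {value!r}, expected {expected}")
    return findings


# Constructed sample data: two client policies as an MSP might export them.
SAMPLE_POLICIES = {
    "client-a": {"require_device_encryption": True, "min_pin_length": 6,
                 "device_lock_enabled": True, "allow_simple_passwords": False},
    "client-b": {"require_device_encryption": True, "min_pin_length": 4,
                 "allow_simple_passwords": True},  # lock setting missing
}

if __name__ == "__main__":
    for client, policy in SAMPLE_POLICIES.items():
        for finding in audit_policy(policy) or ["compliant"]:
            print(f"{client}: {finding}")
    for pin in ("1234", "1111", "9999", "4321", "2580"):
        print(pin, "simple" if is_simple_pin(pin) else "accepted")
```

Running the audit before deployment shows which clients still allow simple PINs, which helps anticipate where users are likely to raise tickets once the policy is enforced.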