10-07-2021 08:48 AM
I ran into my first glitch using Cisco MDM with iOS devices and it's a genuine concern.
I had an iPhone 12 device deployed for an employee that was let go this week and attempted to do a passcode reset to essentially lock the user out of the device. After nearly an hour hold time on the phone, a rep for Cisco informed me that you are only able to "clear passcode" for iOS devices and then you physically need the device in front of you to set up a new passcode. Obviously this wasn't an option for me with the device being hours away in the field. With all my Android enrolled devices, I'm able to reset the passcode and then check-in the device.
I opted to do a "Selective Wipe" for the device, in addition to locking the user out of logging into work related cloud apps. Is the selective wipe my only option going forward for iOS devices if I don't have the device physically returned on the same day?
10-07-2021 12:17 PM
Hey Adambdc,
I'm also deploying a lot of devices to field staff. We opt to use a Lost-Mode command for these kinds of scenarios since, as you point out, the passcode options are extremely limiting.
Hope this helps,
-Dylan
10-07-2021 12:38 PM
Thanks for the reply. I just got the device back and noticed the Selective Wipe never took. I also wasn't able to get "Lost Mode" to successfully fire off either. This is pretty frustrating if a sudden change needs to be implemented.
10-07-2021 02:15 PM
That is deeply troubling, especially for those of us with large remote deployments in play.... I've also had a couple of issues with commands not processing, profiles not installing, and some weird "undefined command" messages in my logs lately....
If you figure out why the commands aren't being processed I'd be very interested to hear about it.
10-07-2021 03:20 PM
Question: are any of your iOS devices being listed as "Supervised" under the Management area if you click into the device? I'm discovering I never fully did the Apple DEP enrollment and that could be preventing me from having more control. I'm going to dig into the issue deeper.
10-07-2021 05:46 PM
There are 3 ways to enroll an iOS device in MDM. Company owned devices should ideally be enrolled via DEP, device enrollment is a decent alternative for BYOD and user enrollment is a joke and a pain to set up and manage.
10-08-2021 06:39 AM
Adam,
Yea, you need the device to be in a Supervised enrollment status to do all the fun stuff. It's just SUPER!
All the best,
-Dylan
10-08-2021 04:38 AM
So, a few things:
1. There isn't a passcode "reset" for iOS, there is only a "clear" passcode. As far as I can see, this doesn't need a supervised device, if Apple's website is to be believed, but it certainly WON'T work for a User Enrolled Device. And my colleague in support is correct: You can't systematically set a new passcode on the device remotely. That's an Apple restriction.
2. It would be useful to know the connectivity of the device during the period that you needed to perform the reset: If the device was offline, no amount of coercing would achieve your requirements. Something that I've seen in the past.
So, what could you have done? If the requirement was to lock the user out of the device, you could have placed the device into kiosk mode with some completely unrelated application. Notes, for example. This would have prevented the user from using the device whilst keeping the device online.
The other alternative would have been to have completely wiped the device (if the device was in DEP). The user would have been forced to have enrolled the device. The only downside to this is that you'd have lost visibility of the device.
10-08-2021 07:15 AM
Thank you for taking the time to reply and explain a lot of this, it's much appreciated!
1. Thank you for clearing up the passcode situation. I was revisiting my prior steps with Apple Business to get DEP going to get the phone in "Supervised" mode. But based on what you are saying, it doesn't appear that will even be worth it if I'm unable to truly lock down the phone beyond clearing out the existing passcode?
2. Definitely understand the situation involving the device being offline (I learned that the hard way with Android devices that need to be fully unlocked before you can reset a passcode).
While I did review kiosk mode, is that something that could get kicked off remotely or is that again a situation where you need the device in-hand?
Right now it appears my best option is to continue turning off access to work-related apps installed on the iOS device. Locking the device through the "Find My iPhone" is a 50/50 solution as they can easily gain access to the device again using the existing passcode.
Sounds like I'm going to be facing limitations on both Android and iOS regardless.