Disable "Restart and show password reset options"

Dear lord, I wish there was a way to disable this. I've had the same unfortunate experience. I had 3 Mac users in India lock their Macs this way, and I'm in the U.S. To say that it was a royal pain in the arse to deal with this is a huge understatement.

What galls me is that there is essentially no getting out of this locked state save for entering the firmware password. I don't know why Apple didn't provide some key command to make the Mac boot back up from its internal boot partition if this should happen. But they didn't. And to my knowledge there's no way to disable that infernal message that cheerfully encourages users to unwittingly brick their Macs.

A bit more background:

• The Password Policy payload sets maximum number of failed attempts, as well as minimum requirements for length and complexity.
• Prior to the initial enrollment, the two user accounts had passwords that didn't meet the criteria of the policy, and were prompted to be reset on first login after enrollment.
• Because of this issue, I ended up removing the MDM profiles (via the JSS), and resetting the passwords to meet the criteria, then re-enrolling.

Anything else I'm forgetting?

I'm starting to wonder if there's some bug in the Jamf forum. The last 2 posts seem to be related to a different thread/topic, not the one at the top. Can someone at Jamf check to make sure posts aren't being put into the wrong thread?

I think a better solution is to NOT use the firmware password. What happens when a user needs to restart? Shut down? Now they have to have a firmware password to get back in. Am I missing something?