
We deploy more than 600 iOS devices and are thinking of switching to DEP for easier distribution. However, while reviewing DEP and the issues that we currently have, we have stumbled upon an issue that we cannot solve and that is crucial if we want to switch to DEP. We have also opened a bug report with Apple and are following up with them on this as well. I was just wondering if there are any schools that use DEP and have come across this issue, and how they solved it.



So, here it is:



Sometimes, users forget their passcode lock. With JSS, we can push out a "Clear Passcode" command, which removes the passcode and requires the user to enter a new passcode, as set by our policy. However, if the user restarts the device, the entire device is encrypted along with the keychain, and the device does not connect to any Wi-Fi network, therefore it cannot receive the "Clear Passcode" command. With Apple Configurator, we could connect the locked device to Configurator, remove the MDM profile, and the device would unlock. However, this will no longer be possible with DEP. We have tried the Ethernet connectivity of the iPad and that works for now, but it is not an official way of doing it, and Apple may remove the possibility at any point in the future. The iOS device has to be able to connect to a Wi-Fi network so we can unlock it.



Steps to Reproduce:
1. Supervise an iOS device with Apple Configurator
2. Enroll the iOS device into an MDM
3. Set up passcode on the iOS device
4. Let's say the user of the device forgets the iOS passcode lock
5. Restart the iOS device and remember you don't know the passcode lock anymore
6. On MDM, push out a "Clear Passcode" command to the device
7. Because the device doesn't have Wi-Fi connectivity, the command will never reach the device



Expected Results:
After restarting the iOS device, it automatically connects to known Wi-Fi networks.



Actual Results:
After restarting the iOS device, it does not connect to any Wi-Fi networks.



Thanks!

This solution works: https://www.howtogeek.com/214259/how-to-reverse-tether-an-iphone-or-ipad-to-your-pc-or-mac/


Correction.... it did work but only for a small few.


With macOS High Sierra, if Internet Sharing (or Content Caching with Internet Connection) is enabled on your Mac, all you need to do is connect the iPad to your Mac using a Lightning cable and (though it might take some time) eventually your iPad should start communicating with the MDM and receive that Clear Passcode command.


Thank you so much @rfaruk .. this has worked perfectly and resolved the issue :-)


Hello,



I manage about 1400 iPads and it does not work for me.
I have an iPad on iOS 11.4.1 locked without Wi-Fi:
- I sent the clear passcode command.
- My Mac is on High Sierra, I am connected to the wired network, and I have enabled connection sharing and caching.
- When I connect the iPad to my Mac with the Lightning cable, the iPad displays "unlock the tablet to use the accessory" and nothing happens on the iPad.
- The command is already pending in JAMF Pro.
It happens very often that students forget their password and that the tablets are locked.
I strongly wish to maintain the homogeneity of the fleet on iOS 11 and therefore do a DFU.
Did I do something wrong?



I am interested in any idea



Thank you in advance


All of our kids' passcodes are the same as their lunch codes, so we have them on file. If a kid were to change their passcode, and then forget it, they will receive a conduct violation for tampering with their passcode. This is kind of a deterrent to keep the kids from messing with them.



If for some reason a kid does change their code and forgets it, we would do as follows:
1. If it's still on Wi-Fi, clear the passcode by JSS.
2. If it's not on Wi-Fi, connect via Ethernet, then clear passcode by JSS.
3. If Ethernet fails, put iPad into DFU and restore the iPad. (The student will be held responsible for any lost class work)



That's it... the kid will get a working iPad back one way or another. FYI, our 1:1 iPad deployment is only for 5th through 8th grades.


@xavier.daleo The behaviour you're seeing is due to a change in the iPad settings (as of iOS 11.3?).



In order to allow iOS devices to use the USB connection (either with the USB->Ethernet adapter, or I'm assuming also with internet sharing), you need to disable the "USB Restricted Mode" (see attached screenshot).



You can find this in the "Restrictions" payload, at the bottom of the "Functionality" tab.
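
Added example, not part of the thread and not Jamf's own code: a Python check that reads an exported, unsigned `.mobileconfig` and reports how each Restrictions payload sets USB Restricted Mode, so you can confirm which profiles relax it before scoping them. The payload type `com.apple.applicationaccess` and the key `allowUSBRestrictedMode` come from Apple's Restrictions payload reference, not from this thread; the sample profile and its identifiers are constructed.

```python
import plistlib

# Names from Apple's Restrictions payload reference (assumption: not given in the thread).
RESTRICTIONS_TYPE = "com.apple.applicationaccess"
USB_KEY = "allowUSBRestrictedMode"


def usb_restricted_mode_findings(profile_bytes):
    """Return (payload identifier, state) for every Restrictions payload.

    state is one of:
      "disabled" - key is false: a locked device keeps accepting USB accessories
      "enforced" - key is true
      "default"  - key absent: the device's own setting applies
    Assumes an unsigned, unencrypted profile; a signed one must be unwrapped first.
    """
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        value = payload.get(USB_KEY)
        if value is False:
            state = "disabled"
        elif value is True:
            state = "enforced"
        else:
            state = "default"
        findings.append((payload.get("PayloadIdentifier", "<no identifier>"), state))
    return findings


# Constructed sample profile: one Wi-Fi payload and two Restrictions payloads.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.constructed.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadIdentifier": "example.constructed.wifi"},
        {"PayloadType": RESTRICTIONS_TYPE,
         "PayloadIdentifier": "example.constructed.restrictions.a",
         USB_KEY: False},
        {"PayloadType": RESTRICTIONS_TYPE,
         "PayloadIdentifier": "example.constructed.restrictions.b"},
    ],
})

if __name__ == "__main__":
    for identifier, state in usb_restricted_mode_findings(SAMPLE_PROFILE):
        print(f"{identifier}: USB Restricted Mode {state}")
```

A "disabled" result means the profile also removes the lock-screen protection against USB data connections on every device it is scoped to, so it is worth reviewing that scope.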