Company owned mobile device backdoor password

healthcareaa
New Contributor III

Is there any functionality to allow a standard Admin password for a supervised iOS device? We have users that forget their self-set passwords on the Supervised devices. However, the Clear Passcode commands are not working because the device is locked and the WiFi/Cellular status is unknown. 

We need a better solution for this... Devices shouldn't be able to be bricked, even off WiFi. 

2 ACCEPTED SOLUTIONS

user-dIrrpGXxza
Contributor

We solve this scenario by allowing connections to untrusted USB devices by a restriction set in advance to all devices. So you can attach a USB ethernet device to the iOS device and thus gain network access, so the clear passcode command can be processed. This may lower the device security a bit, but it's worth it for us to handle this scenario.

View solution in original post

AJPinto
Honored Contributor III

That is not something Apple allows, and apple is very adamant about this stance. Apple views your organization the device, and the user owns the data. Your only option if a user forgets their pin is to connect the device to Apple Configurator and wipe it. 

 

Though if a user has a device long enough to forget the pin, and long enough for them to not know the wifi/cell status of the device do they really need that device anymore? 

 

You can provide network access via ethernet adapter, and USB if needed so a device can receive the MDM command to remove the pin. Providing you dont have this disabled with a configuration profile.

View solution in original post

2 REPLIES 2

user-dIrrpGXxza
Contributor

We solve this scenario by allowing connections to untrusted USB devices by a restriction set in advance to all devices. So you can attach a USB ethernet device to the iOS device and thus gain network access, so the clear passcode command can be processed. This may lower the device security a bit, but it's worth it for us to handle this scenario.

AJPinto
Honored Contributor III

That is not something Apple allows, and apple is very adamant about this stance. Apple views your organization the device, and the user owns the data. Your only option if a user forgets their pin is to connect the device to Apple Configurator and wipe it. 

 

Though if a user has a device long enough to forget the pin, and long enough for them to not know the wifi/cell status of the device do they really need that device anymore? 

 

You can provide network access via ethernet adapter, and USB if needed so a device can receive the MDM command to remove the pin. Providing you dont have this disabled with a configuration profile.