- Jamf Nation Community
- Products
- Jamf Pro
- Company owned mobile device backdoor password
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-03-2023 09:11 AM
Is there any functionality to allow a standard Admin password for a supervised iOS device? We have users that forget their self-set passwords on the Supervised devices. However, the Clear Passcode commands are not working because the device is locked and the WiFi/Cellular status is unknown.
We need a better solution for this... Devices shouldn't be able to be bricked, even off WiFi.
Solved! Go to Solution.
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-03-2023 10:51 PM
We solve this scenario by allowing connections to untrusted USB devices by a restriction set in advance to all devices. So you can attach a USB ethernet device to the iOS device and thus gain network access, so the clear passcode command can be processed. This may lower the device security a bit, but it's worth it for us to handle this scenario.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2023 05:59 AM - edited 02-06-2023 06:02 AM
That is not something Apple allows, and apple is very adamant about this stance. Apple views your organization the device, and the user owns the data. Your only option if a user forgets their pin is to connect the device to Apple Configurator and wipe it.
Though if a user has a device long enough to forget the pin, and long enough for them to not know the wifi/cell status of the device do they really need that device anymore?
You can provide network access via ethernet adapter, and USB if needed so a device can receive the MDM command to remove the pin. Providing you dont have this disabled with a configuration profile.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-03-2023 10:51 PM
We solve this scenario by allowing connections to untrusted USB devices by a restriction set in advance to all devices. So you can attach a USB ethernet device to the iOS device and thus gain network access, so the clear passcode command can be processed. This may lower the device security a bit, but it's worth it for us to handle this scenario.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2023 05:59 AM - edited 02-06-2023 06:02 AM
That is not something Apple allows, and apple is very adamant about this stance. Apple views your organization the device, and the user owns the data. Your only option if a user forgets their pin is to connect the device to Apple Configurator and wipe it.
Though if a user has a device long enough to forget the pin, and long enough for them to not know the wifi/cell status of the device do they really need that device anymore?
You can provide network access via ethernet adapter, and USB if needed so a device can receive the MDM command to remove the pin. Providing you dont have this disabled with a configuration profile.
