IBM Security MaaS360

 View Only
  • 1.  Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Wed August 11, 2021 11:09 AM
    Classic dumb error, which I'm not sure was down to a failure to see the necessary policy options, or the fact that they weren't available when the policy was first set up some years ago.

    Anyway, I have in front of me some iPads that have been returned from the field. They are under MDM, enrolled via DEP, but the users were allowed to change the passcodes.

    Inevitably, some of them have.

    The iPads aren't connecting to WiFi until you sign in, and no-one can sign in because nobody knows the passcode. The units are WiFi only, no SIM.

    Because they're under MDM the old trick of hooking them up to iTunes via USB and doing a factory reset doesn't work - we have all of the original AppleIDs, which were kept confidential, so in were it not for the MDM issue this would be feasible.

    I've run out of ideas, and don't really want to consign a handful of iPads to the dustbin just because of a bit of stupidity.

    Is there any way to do an admin override or some kind for Maas, via USB?

    (And yes - current policies for issued devices do prevent the end user changing the passcode!)

    ------------------------------
    Pete Croft
    ------------------------------


  • 2.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Thu August 12, 2021 02:38 AM
    Hi Pete
    Given that the devices are offline without an ability to control them remotely, your options do appear limited. 
    Here's a thread on Apple.com about this: https://discussions.apple.com/thread/7043940
    You could boot into Safe Mode in iOS (look for video on how to do this, I couldn't find an official Apple document). 
    However this might still apply the passcode lock. If it doesn't you could remove the control (again if not disabled in policy). 
    The only alternative I can think of is to perform a hard reset, which if not disabled in policy you could perform (not via iTunes) using a button combination (again search for this). 
    Failing this I would revert to the device vendor or Apple for further assistance. 
    Hope this helps
    Best

    ------------------------------
    Eamonn O'Mahony
    Technical Client Success Manager
    IBM Security
    Dublin, Ireland
    ------------------------------



  • 3.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Thu August 12, 2021 10:36 AM
    Realistically, you will have to wipe the iPads.  If the iPads are still in DEP then they will still hook into your MDM at that point, but the iPads are still usable -- but the contents are most likely irrecoverable unless you can get them to connect to the last known WiFi.  If the iPads have iCloud backups then you can restore that when you re-activate them.

    If you want to wipe them, perform a "recovery mode" install, see this link: http://support.apple.com/en-us/HT201263 .  At the prompt choose RESTORE (not Update).   Please note bullet #4 in this process.  The iPadOS firmware can take over 15 minutes to download and if it does the device will reboot without updating the firmware.  If that happens, wait for the download to complete.  Once it completes, restart the process.

    ------------------------------
    Tim Faulk
    ------------------------------



  • 4.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Thu August 12, 2021 12:50 PM
    Thanks both - hard reset is disabled in policy, but Tim's recovery mode install worked just fine.

    I'd previously tried to do a reset via iTunes which had failed dismally because of the MDM, but the comment about Restore finally kicked my brain into gear, so signing in to iTunes with the AppleID associated with the device and going through the Restore has got one of them back into service. No reason to suspect the others won't follow suit with similar treatment.

    Losing any data isn't a problem, fortunately - these are devices that are issued to delegates/students for long-term but temporary use, and when they come back they're just wiped, moved to a policy appropriate to the next project, and handed back out again to someone else. I still can't believe that the original policy didn't preclude the user changing the passcode, such a schoolboy error.

    Anyway, all back and running again, so it's another +1 for the community and -1 for the MDM provider, who congenitally failed to provide any useful input once more.

    ------------------------------
    Pete Croft
    ------------------------------



  • 5.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Thu August 12, 2021 01:14 PM
    As far as the MDM goes, neither MaaS360 nor any competitive product can unlock a device that can't connect to the Internet.  That is the Apple design.  It makes sense as it would provide an administrator type override that could be exploited in the wild.

    Glad the recovery mode install worked.  We've had to use it many times for unhappy users (because we would usually find a user that has no iCloud backup and they wanted data off their device).  But, it is pretty reliable, albeit a bit confusing to do.

    - Tim


    ------------------------------
    Tim Faulk
    ------------------------------



  • 6.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Fri August 13, 2021 03:29 AM
    Oh absolutely, I don't expect the MDM to be able to work miracles via the medium of magic pixies. The comment about Community vs. Supplier was merely a passive aggressive dig at the reseller who provides the client with their MDM licences and has branded the white-label platform. They have a "dedicated MDM support team" who, based on past experience, generally know less about the system than I do, often struggle to answer straight questions of the "Is this possible? If so, how ..." variety, in terms of policy options or particular features, and who when presented with the situation that's the subject of this thread just responded with "Oh, we think you're stuffed, we'll ask IBM" followed by a three week wait only to get a response which doesn't relate to the question asked. And not for the first time.

    It all just reminds me I should spend more time hanging out here ...

    ------------------------------
    Pete Croft
    ------------------------------



  • 7.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Thu August 12, 2021 03:14 PM
    Pete

    Another alternative is to connect the iPads to an iMac running Apple Configurator (this will only run on a Mac) & wipe the device if you do not need the data.
    Apple Configurator will see Supervised (MDM) devices and Un- supervised (non MDM). There are options to upgrade the iOS if there is one available.
    You can also apply a template to push a WiFi profile. This might work to get access instead of wiping.

    ------------------------------
    Mark Ridgley
    ------------------------------



  • 8.  RE: Unknown passcode on offline managed device (iOS) - any solutions?

    Posted Wed July 20, 2022 09:12 AM

    No Joy.  Configurator will not allow you to add the Wifi profile because the phone is locked with a passcode.  Time to Wipe!



    ------------------------------
    Phil Sheldon
    ------------------------------