Is my suspicion that the Maas360 app doesn't actually launch on the phone until after the user has signed in? This is for handsets that boot fully to the login screen before requiring any form of authentication, not for ones that require a password/PIN prior to boot.
Periodically we get handsets returned where the user has changed their password and not handed over the details when they leave[1]. In theory we should be able to start the handset, go into Maas and issue a password reset, but these never seem to go through. The policy keeps WiFi on, and SSID details for all of our work locations are forced onto the system so they will be able to connect even without a SIM, or if the SIM has been blocked by the time we get the handset back. So there
should be a route to the app, if it's running, but last check-in time doesn't update, and Message, Buzz, etc. all go nowhere.
Obviously if the app isn't running until after sign-in, then this is doomed to failure, so am I right, that this is the case?
If so, how do people handle this situation? Sadly we can't rely on a human system to obtain the information at handover for reasons beyond our control. We do now have factory reset protection with authorised accounts configured, but historically this aspect of the policy was configured incorrectly, and I currently have a device that I'm fairly sure is on the older policy version, locally, despite what Maas says on the web, so don't want to risk that yet - if I'm right and it's got the incorrect details, we'll never be able to get out of the reset protection loop.
[1] Which is another issue: I cannot find a way to stop this under Android Enterprise, and nor can I find a way to set a kind of secret admin master key (which does make sense from a security viewpoint, but is annoying)
------------------------------
Pete Croft
------------------------------