Did you know: there is a password reset token missing on some MDM-managed iOS devices (Intune)

Did you know: there is a password reset token missing on some MDM-managed iOS devices (Intune)

Intune recently shared a known issue in MC203629, whereby about 1% of devices Intune enrolled with iOS 13+ do not return the token needed to allow a passcode reset. Apple has now addressed the bug in 13.3.1 and higher, however, simply updating to 13.3.1 cannot fix already-enrolled devices. Devices without a password reset token will need to update to 13.3.1, then unenroll and reenroll in the service.

How does this affect me?

Your end users will only run into this if they enrolled into Intune with iOS 13+, forget their passcode, and need to reset their passcode. If the owner of the device never needs to remove or reset the passcode using Intune, there’s no issue. If the passcode for a device is lost and you have no method outside Intune to recover it, the device will have to be factory reset and enrolled again. Devices that got into this state were typically ones that had a user alias change or had a user account disabled and then re-enabled. When they went to enroll, they did not receive the token needed to allow a passcode reset. Therefore, Intune cannot reset the passcode on these devices, either through Microsoft Endpoint Manager Intune admin UI under Remove passcode setting or by the end user Reset Passcode setting at https://portal.manage.microsoft.com.

What action do I need to take?

– Run the PowerShell script linked to in “Additional Information.” This will give you the list of affected devices.
– Make sure your end user has a backup of their data from the device (typically through iCloud or another backup offer).
– Update the impacted devices to 13.3.1, then unenroll and reenroll the device.
– Rerun the PowerShell script. If the device still shows there, then you’ll want to completely wipe the device then reenroll.
– If the device is still on the report when you re-run it, the device is not in a good state. Apple recommends wiping wcontact usithout restoring a backup and then reenrolling again.
– Any devices still on the report after trying in this state after enrolling multiple times will need a ticket with Apple to investigate further.

If your looking to better streamline your mobile devices, please check out our Enterprise Mobility Enterprise solution.

If you’d like to schedule a free one hour consultation with someone from our enterprise mobility services team please contact us



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.