Did you know: there is a password reset token missing on some MDM-managed iOS devices (Intune)

Did you know: there is a password reset token missing on some MDM-managed iOS devices (Intune)

Intune recently shared a known issue in MC203629, whereby about 1% of devices Intune enrolled with iOS 13+ do not return the token needed to allow a passcode reset. Apple has now addressed the bug in 13.3.1 and higher, however, simply updating to 13.3.1 cannot fix already-enrolled devices. Devices without a password reset token will need to update to 13.3.1, then unenroll and reenroll in the service.

How does this affect me?

Your end users will only run into this if they enrolled into Intune with iOS 13+, forget their passcode, and need to reset their passcode. If the owner of the device never needs to remove or reset the passcode using Intune, there’s no issue. If the passcode for a device is lost and you have no method outside Intune to recover it, the device will have to be factory reset and enrolled again. Devices that got into this state were typically ones that had a user alias change or had a user account disabled and then re-enabled. When they went to enroll, they did not receive the token needed to allow a passcode reset. Therefore, Intune cannot reset the passcode on these devices, either through Microsoft Endpoint Manager Intune admin UI under Remove passcode setting or by the end user Reset Passcode setting at https://portal.manage.microsoft.com.

What action do I need to take?

– Run the PowerShell script linked to in “Additional Information.” This will give you the list of affected devices.
– Make sure your end user has a backup of their data from the device (typically through iCloud or another backup offer).
– Update the impacted devices to 13.3.1, then unenroll and reenroll the device.
– Rerun the PowerShell script. If the device still shows there, then you’ll want to completely wipe the device then reenroll.
– If the device is still on the report when you re-run it, the device is not in a good state. Apple recommends wiping wcontact usithout restoring a backup and then reenrolling again.
– Any devices still on the report after trying in this state after enrolling multiple times will need a ticket with Apple to investigate further.

If your looking to better streamline your mobile devices, please check out our Enterprise Mobility Enterprise solution.

If you’d like to schedule a free one hour consultation with someone from our enterprise mobility services team please contact us



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.