Description
After sending an Unlock Device command to clear the passcode on a device, we see "Passcode Disabled" in the Data Protection tile of the device dashboard in Jamf Now.
When a blueprint has Security set to Require Passcode and the restriction Prevent Changes to Passcode enabled, the Unlock Device command can result in the following:
The passcode clears from the device.
"Passcode Disabled" displays in red in the Data Protection tile in the device record's dashboard.
The device does not prompt the user to set a new passcode.
We will need to temporarily remove the Prevent Changes to Passcode restriction so the end user can set a new passcode, and then we can reapply the setting.
Removing the Prevent Changes to Passcode Restriction
We can temporarily assign the device(s) showing the "Passcode Disabled" message to a copy of the blueprint that does not have Prevent Changes to Passcode enabled*. This ensures that none of the other devices on the original blueprint are impacted by the change.
In Jamf Now, go to Blueprints and open the blueprint to which the impacted device(s) are assigned.
Click the blueprint name at the top of the middle panel to open a drop-down menu.
Click Copy. In the side pop-up menu, set a blueprint name and click Save Blueprint in the lower-right corner.
Click Devices in the middle panel and assign the impacted device(s) to the copied blueprint.
Click Restrictions and under the Security & Privacy section, uncheck Prevent changes to passcode.
Click Save Changes.
Once devices install the new blueprint, send an Unlock Device command.
When the Last Inventoried tile time updates in Jamf Now:
Press the sleep/wake button to lock the device.
Then immediately wake the device and unlock it.
The user should be presented with the prompt to set a passcode.
Re-assign devices back to their original blueprints.
*Note: The end user will have to re-authenticate their email account if email is deployed through Jamf Now and the blueprint is changed.