Description
The Max Failed Attempts Before Erasing blueprint setting in Jamf Now under Security > Enable Passcode can cause devices to erase seemingly at random.
The erasure is not random but is due to repeated failed unlocking attempts with incorrect passcodes when a device has this MDM security setting enabled.
Jamf Now does not receive any indication that the device erased itself due to too many failed passcode attempts. The device record will continue to show as Enrolled in Jamf but it will need to be re-enrolled if there is no Jamf Now enrollment profile on the device.
Re-enrolling in Jamf Now
Devices that show in Jamf Now under Auto-Enrollment > View Devices should have enrolled when going through the setup assistant after being erased.
Devices that were enrolled via Open-Enrollment will need to be enrolled again, following the steps from the Jamf Now documentation.
Preventing Random Erasure
To prevent this from occurring in the future, determine if the Max Failed Attempts Before Erasing setting is something you want to continue to enforce. To disable the setting:
In Jamf Now, click Blueprints and select the desired blueprint.
Click Security and chose the -- option from the Max Failed Attempts Before Erasing drop down box.
Click Save Changes at the bottom of the page.
Note: The Unlock command can be sent to devices to remotely clear a device's passcode, allowing a user to unlock the device and avoid undesired erasure.