Last updated: Dec 09, 2020 22:30
By Christopher Alton
Avoiding unintended passcode locking
Apple (iOS) Devices tied to a Mobile Device Management (MDM) solution like AirWatch, MobileIron, and XenMobile engage the passcode lock and then you can't use the device. This happens if a device is opened by an end-user and left idle until the lockout period for the MDM is reached. Perhaps you were getting coffee? Whatever the reason, once the passcode lock is engaged on iOS, the only option is for someone in the data center to go to the rack, pick up your device and enter the passcode manually.
Why is this a limitation?
Apple has very strong security and even law enforcement isn't happy about how hard it is to break into a mobile device if there's a passcode lock.
The best solution is to not use an MDM for testing devices. If that is not an option, the second best approach is to create a test profile that does not trigger device locking. Still not an option? Then set the passcode lock timeout in the MDM to the maximum time interval. This will reduce the likelihood of the passcode lock engaging. (Setting it to "immediately" will cause operational issues when opening the device.)
If you know that you will not be interacting with a device before the passcode lock period expires, simply close it. When devices are not left open and idle, the passcode lock will not engage.
Additionally, Perfecto Mobile Support can configure your cloud to automatically close idle sessions with devices with a time interval that would be less than the interval for the passcode lock set by your MDM. This can prevent accidental locking due to a distraction such as a phone call.
More details on supporting MDM profiles, can be found in our Support MDMs (Mobile Device Managers) and device passwords documentation.
Apple (iOS) Devices with pin/passcodes/passwords, without a MDM, can have the same symptoms as problem #1. If a device has a one of these locking methods, you will face the same issue as above.
If you must test with a pin/passcode/password, please follow these rules.
- Do Not set the device lock less than 15 minutes
Perfecto is not responsible for installing, configuring or maintenance of any customer MDM or customer installed certificate(s).
Still have questions?
Please let your Customer Success Manager know if you have any additional questions.