How to use Intune to Remove a passcode from an iPhone

Recently I applied a new compliance policy to our corporate iPhones. This included the requirement that the passcode be changed occasionally. The time came to change my passcode. It was late at night. I typed in something twice and successfully changed it. However, in the morning the passcode I thought I had typed was not working. Obviously in my sleepy state I had successfully entered something else twice. Oh Joy.

My phone gave me a few tries with wait times between each one then a warning that if I reached 10 failures that I would have to reset the phone. For me setting up a new phone is like getting a new computer. I have a lot of apps, data and photos. Far more than the iCloud backup will hold so I knew I would be losing stuff. Probably not critical things but enough to be annoying.

Then I remembered seeing something in Intune that might do the trick.

Joining your phone to Intune

Your phones, whether personal or corporate need to have registered with Intune first or you won’t be able to do this. Fortunately mine was so I could immediately use the Remove Passcode feature of Intune. (see the next section)

To register your phone with Intune each phone will need to download and install the app Company Portal from the iTunes store. Once installed they will need to login with their Office 365/AzureAD account and then accept a bunch of prompts which will download the management profile.

This does not mean that the corporation now has access to everything on your phone. That will depend on the policy that the corporation has set for personally owned devices. Most often the corporation is only concerned about helping you configure your email profile, keeping the device up to date and being able to help you can back into it should you get locked out. Your situation may vary so before you join your phone make sure you know what the policy is.

The Company Portal app will walk you through the process. Basically you have to login, install the management profile and then adjust any settings that are required by your organization. There are a bunch of screens that are required to make this happen, perhaps 20+ but it’s really not complicated. Below I’ve highlighted the most significant steps.

Log in using your Office 365/Azure AD credentials and accept the terms of service.

Next you’ll get a couple of screens that describe what is going to happen. You’ll continue along and install the management profile.

A certificate from Apple will be installed. Be sure to install it and then Trust it as prompted. Finally you will need to bring your phone up to the current OS version and perhaps tweak a few settings. The app will let you know which ones and take you there.

You can click Check settings and the How to resolve this link to get instructions for what change is needed on your phone. Most often it will be that you need to set a more complex passcode to gain access to your phone than you are currently using. Eventually, you are Done!

Don’t worry it is far more complex to show all of the screenshots and explain the process than it is to do. When everything is showing pretty green checks hit that Done button.

   

How to remove the passcode using Intune

Log into https://portal.azure.com with an admin account. Launch Intune. Navigate to Device/All Devices and then select the phone that you want to remove the passcode on.

Press the Remove passcode button at the top of the page. It took my phone less than a minute before the passcode was gone. Then within another minute the Intune policy for my phone kicked in and I was asked to create a passcode. Voila, new passcode. This time created with a clear and awake brain.

Originally posted in 2018 this popular post was migrated over from our previous blog

Make your IT business better than the competition. Help for IT Pros, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit, 365 Security kit and more. https://www.thirdtier.net