iOS User Enrollment isn't fully working

Hi,

we're experiencing some strange issues with the iOS User Enrollment for user-owned devices (BYOD).

The devices are marked as not compliant with the message "No screen lock set", even though there is definitely a screen lock set. Afterwards, rolling out a user policy for adding the corporate M365 account fails as well. Installing apps, on the other hand, works fine.

When we enroll the same devices with device enrollment, everything works as expected even if we say the device is owned by a user.

Any idea why this happens?

Thanks and regards,
Christian

  • Hi  ,

    Thank you for reaching out to the Sophos Community forum.

    Are the users using a Managed Apple ID when enrolling their personal devices? Before a user can enroll a personal iPhone or iPad, you must create a Managed Apple ID for them in Apple Business Manager. You may refer to the following user guide:

    Use Managed Apple IDs in Apple Business Manager

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Gladys,

    Thanks for getting back. Yes, we're using managed Apple IDs. And the enrollment itself seems to work. But afterwards the existing screen lock is not recognized, ending up with a non-compliant device. The rollout of a user policy for an M365 account fails as well. Everything else we've tested seems to work.

    Best regards,
    Christian

  • Hi  ,

    Thank you for confirming. Do you have a Password Policy added to the User Policy? If you don't have this set up yet, try adding a password policy and see if it gains compliance with the device.

    Gladys Reyes
    Global Community Support Engineer
  • Hi Gladys,

    Thank you for the clue. After adding a Password Policy the device is compliant now.

    Nevertheless, I'm still unable to assign an email user policy. All I got is the message "Failed to apply the policy." in the policy overview of the device. I've also had a look at the log files. All I've found was the following.

    D | 2024/06/20 11:36:29:008 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:36:29:008 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:36:29:020 | Saved server info in keychain
    E | 2024/06/20 11:36:29:021 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:36:29:022 | No persisted locate command available.
    E | 2024/06/20 11:36:29:029 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:37:56:323 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:37:56:323 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:37:56:336 | Saved server info in keychain
    E | 2024/06/20 11:37:56:338 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:37:56:339 | No persisted locate command available.
    E | 2024/06/20 11:37:56:346 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:38:49:066 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:38:49:066 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:38:49:079 | Saved server info in keychain
    E | 2024/06/20 11:38:49:081 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:38:49:082 | No persisted locate command available.
    E | 2024/06/20 11:38:49:088 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file

    Any idea?
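
A way to triage the log excerpt in the post above, as an added example that is not part of the original thread: it collapses the repeated lines, groups them into bursts by second, decodes the keychain status code, and counts lines that mention a policy or profile. The sample lines are copied from the post; the function names are made up for this sketch, and -25300 is Apple's `errSecItemNotFound` OSStatus.

```python
import re
from collections import Counter

# Lines copied from the post above (parts of two of the three bursts).
P = ("/var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/"
     "Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/"
     "locate_command_persistence_file")
SAMPLE = f"""\
D | 2024/06/20 11:36:29:008 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
E | 2024/06/20 11:36:29:008 | No locate command is persisted at path: {P}
D | 2024/06/20 11:36:29:020 | Saved server info in keychain
E | 2024/06/20 11:36:29:022 | No persisted locate command available.
D | 2024/06/20 11:37:56:323 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
E | 2024/06/20 11:37:56:323 | No locate command is persisted at path: {P}
D | 2024/06/20 11:37:56:336 | Saved server info in keychain
"""

# Layout seen in the excerpt: LEVEL | YYYY/MM/DD HH:MM:SS:mmm | message
LINE_RE = re.compile(
    r"^\s*([A-Z]) \| (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}):\d{3} \| (.*)$")
UUID_RE = re.compile(r"[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}")
OSSTATUS_RE = re.compile(r"error (-\d+)")
OSSTATUS = {-25300: "errSecItemNotFound"}  # Security framework: item not in keychain

def parse(text):
    """Yield (level, second, message) with per-install UUIDs masked."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:  # blank or truncated lines are skipped
            level, second, msg = m.groups()
            yield level, second, UUID_RE.sub("<UUID>", msg)

def summarize(text):
    """Collapse repeats so the few distinct events in the excerpt stand out."""
    records = list(parse(text))
    codes = {int(c) for _, _, msg in records for c in OSSTATUS_RE.findall(msg)}
    return {
        "distinct": Counter((lvl, msg) for lvl, _, msg in records),
        "bursts": sorted({sec for _, sec, _ in records}),
        "codes": {c: OSSTATUS.get(c, "unknown") for c in codes},
        # Lines that refer to the failing operation (policy/profile install).
        "policy_lines": sum(1 for _, _, msg in records
                            if re.search(r"polic|profile", msg, re.I)),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```
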