iOS User Enrollment isn't fully working

Hi,

we're experiencing some strange issues with the iOS User Enrollment for user owned devices (BYOD).

The devices are marked as not compliant with the message "No screen lock set", even there is definitely a screen lock set. Afterwards rolling out a user policy for adding the corporate M365 account fails as well. Installing apps on the other hand works fine.

When we enroll the same devices with device enrollment, everything works as expected even if we say the device is owned by a user.

Any idea, why this happens?

Thanks and regards,
Christian

Top Replies

Gladys 2 days ago in reply to Christian Kämper +1 verified

Hi Christian Kämper , Glad to know the compliance issue has been resolved. Is the issue with email user policy happening on all your iOS devices? Did you configure the email account as per the below…

Parents

0 Gladys 9 days ago

Hi Christian Kämper ,

Thank you for reaching out to the Sophos Community forum.

Are the users using a Managed Apple ID when enrolling their personal devices? Before a user can enroll a personal iPhone or iPad, you must create a Managed Apple ID for them in Apple Business Manager. You may refer to the following user guide:

Use Managed Apple IDs in Apple Business Manager

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Christian Kämper 9 days ago in reply to Gladys

Hi Gladys,

Thanks for getting back. Yes we're using managed Apple IDs. And the enrollment itself seems to work. But afterwards the existing screen lock is not recognized, ending up with a non compliant device. The rollout of a user policy for a M365 account fails as well. Everything else we've tested, seems to work.

Best regards,
Christian
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys 8 days ago in reply to Christian Kämper

Hi Christian Kämper ,

Thank you for confirming. Do you have a Password Policy added to the User Policy? If you don't have this set up yet, try adding a password policy and see if it gains compliance with the device.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Gladys 8 days ago in reply to Christian Kämper

Hi Christian Kämper ,

Thank you for confirming. Do you have a Password Policy added to the User Policy? If you don't have this set up yet, try adding a password policy and see if it gains compliance with the device.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Christian Kämper 6 days ago in reply to Gladys

Hi Gladys,

Thank you for the clue. After adding a Password Policy the device is compliant now.

Nevertheless I'm still unable to assign an email user policy. All I got is the message "Failed to apply the policy." in the policy overview of the device. I've also had a look at the log files. All I've found was the following.

D | 2024/06/20 11:36:29:008 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300 E | 2024/06/20 11:36:29:008 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file D | 2024/06/20 11:36:29:020 | Saved server info in keychain E | 2024/06/20 11:36:29:021 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file E | 2024/06/20 11:36:29:022 | No persisted locate command available. E | 2024/06/20 11:36:29:029 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file D | 2024/06/20 11:37:56:323 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300 E | 2024/06/20 11:37:56:323 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file D | 2024/06/20 11:37:56:336 | Saved server info in keychain E | 2024/06/20 11:37:56:338 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file E | 2024/06/20 11:37:56:339 | No persisted locate command available. E | 2024/06/20 11:37:56:346 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file D | 2024/06/20 11:38:49:066 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300 E | 2024/06/20 11:38:49:066 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file D | 2024/06/20 11:38:49:079 | Saved server info in keychain E | 2024/06/20 11:38:49:081 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file E | 2024/06/20 11:38:49:082 | No persisted locate command available. E | 2024/06/20 11:38:49:088 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file

Any idea?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Gladys 2 days ago in reply to Christian Kämper

Hi Christian Kämper ,

Glad to know the compliance issue has been resolved.

Is the issue with email user policy happening on all your iOS devices? Did you configure the email account as per the below documentation?

Email account configuration (iOS user policy)

You can also enable Remote Assistance on your Sophos Central, so we can further look into your configuration.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Christian Kämper 2 days ago in reply to Gladys

Hi Gladys,

Just to confirm that I've configured email according to the documentation you've linked.

For further investigations I'll answer your PM.

Thanks and regards,
Christian
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel