This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iOS User Enrollment isn't fully working

Hi,

we're experiencing some strange issues with the iOS User Enrollment for user owned devices (BYOD).

The devices are marked as not compliant with the message "No screen lock set", even there is definitely a screen lock set. Afterwards rolling out a user policy for adding the corporate M365 account fails as well. Installing apps on the other hand works fine.

When we enroll the same devices with device enrollment, everything works as expected even if we say the device is owned by a user.

Any idea, why this happens?

Thanks and regards,
Christian



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Gladys,

    Thank you for the clue. After adding a Password Policy the device is compliant now.

    Nevertheless I'm still unable to assign an email user policy. All I got is the message "Failed to apply the policy." in the policy overview of the device. I've also had a look at the log files. All I've found was the following.

    D | 2024/06/20 11:36:29:008 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:36:29:008 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:36:29:020 | Saved server info in keychain
    E | 2024/06/20 11:36:29:021 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:36:29:022 | No persisted locate command available.
    E | 2024/06/20 11:36:29:029 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:37:56:323 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:37:56:323 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:37:56:336 | Saved server info in keychain
    E | 2024/06/20 11:37:56:338 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:37:56:339 | No persisted locate command available.
    E | 2024/06/20 11:37:56:346 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:38:49:066 | getStatusUrlList: no 'SmcAppUrl' item in keychain, error -25300
    E | 2024/06/20 11:38:49:066 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    D | 2024/06/20 11:38:49:079 | Saved server info in keychain
    E | 2024/06/20 11:38:49:081 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file
    E | 2024/06/20 11:38:49:082 | No persisted locate command available.
    E | 2024/06/20 11:38:49:088 | No locate command is persisted at path: /var/PersonaVolumes/2705E169-4F10-4580-89FB-3F3BABED2480/Containers/Data/Application/DE61479E-911B-41DF-A1AA-84B4BCF9A1D1/Documents/locate_command_persistence_file

    Any idea?

  • Hi  ,

    Glad to know the compliance issue has been resolved.

    Is the issue with email user policy happening on all your iOS devices? Did you configure the email account as per the below documentation?

    Email account configuration (iOS user policy)

    You can also enable Remote Assistance on your Sophos Central, so we can further look into your configuration.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Gladys,

    Just to confirm that I've configured email according to the documentation you've linked.

    For further investigations I'll answer your PM.

    Thanks and regards,
    Christian