Known issue with iOS/iPadOS passcode reset token

There's a known issue where some iOS/iPadOS 13 and newer devices enrolled in Microsoft Intune don’t return the token needed to allow a passcode reset. We first reported on this issue in the blog post, Support Tip: PowerShell Script now Available for iOS Passcode Reset Token Known Issue and noted in the Remove iOS/iPadOS passcodes documentation. Apple addressed the bug in OS version 13.3.1. However, we’re still seeing occasional impact on iOS/iPadOS devices with versions 13.3.1 and newer. This issue is very rare, but we recently received a case escalation that led us to revisit the reset token issue. We’re working with Apple to better understand why the passcode reset token is not issued or received as appropriate.

Perform the following steps to identify affected iOS/iPadOS 13 or newer devices and resolve this issue by unenrolling and re-enrolling the device:

1. Run the PowerShell script provided in the GitHub PowerShell Intune samples page to identify the list of affected devices.
2. Make sure the device user(s) have their data backed up from the device (typically through iCloud or another service).
3. Ensure that the impacted devices are updated to the most current OS version, then unenroll and re-enroll the device.
4. Rerun the PowerShell script. If the device still shows there, you’ll want to completely wipe the device then re-enroll.

Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.