Forum Discussion
Cannot wipe iPhone from Intune
Hi!
I have Corp enrolled iPhone fully managed with DEP and Enroll with User Affinity.
It works fine except when I try to wipe a phone.
iPhone 13 with iOS 17.3
If I restart the phone without signing in with PIN-code, all I can do from Intune Admin Center is restart the device.
If I try to wipe, nothing happends until I login to the phone with the PIN-code. Then it starts the wipe.
Same thing with Remove Passcode, nothing happens before I login with PIN-code.
Is this by design?
It's a problem when employe leave the company without handing us their PIN-code.
8 Replies
PatrikStar73, here is another option. This will reset/recover any iPhone. I never have the pin for staff iPhones coming back to It Ops. The iPhone still needs to be removed from Intune. https://support.apple.com/en-us/118430.
Oops. Just saw I already responded below.
- I wipe the iPhone using this process: https://support.apple.com/en-us/HT204306
First, you do not need the PIN to wipe a corporate owned device that is managed. Do not retire it when they leave if the device is corporate, just wipe it. BEFORE you wipe it, go to Hardware and get the Activation Lock ByPass Code! If not you will need to call Apple if they logged in with their ID.
Option 1 - Plug the phone in a Mac Mini, launch Apple Configurators 2 and wipe the device. DONE
Option 2 - The device wants a pin to get access before you wipe it. Put the device in Recovery Mode manually, plug it into a Mac Mini and wipe it.
IF the user logged into Apple with their Apple ID.
1 Never let them do this as they may be able to restore the data elsewhere since it is their ID
2 You will need to call Apple and have then release the device to you since they put it under their ID. Typically a screen shot from your ABM screen works as proof.
Hi PatrikStar73,
The described behavior aligns with the expected protocol. In fully managed devices, Intune necessitates user authentication (such as entering a PIN code) to execute actions like wiping or altering the passcode. This security measure is implemented to prevent accidental modification or deletion of sensitive data by unauthorized users.
While this approach enhances security, it can be a problem when employees depart without providing their PIN codes.
In such scenarios, exploring alternative methods for device management and data protection can be a good option:
Company Portal App:
Use the Company Portal app on the enrolled device to initiate a factory reset. Sign in with the work or school account, select the device, and do the factory reset.Retire Devices:
If an employee leaves without sharing their PIN code, use retiring the device from Intune management. This action removes the device from management, ensuring data protection while retaining user accounts and data.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)- Thank you for the respond.
But how can I access the company portal on the device if i don't have the PIN-code to login to the device?
And I am not sure how a retire will help me in this case?
The phone is still locked with a PIN.Hi PatrikStar73,
you're right, if you don’t have the PIN code, accessing the Company Portal app on the device to initiate a factory reset is not possible.Retiring the device from Intune management won’t unlock the phone. It will only remove the device from management and ensure data protection while retaining user accounts and data. The phone will still be locked with the PIN.
In such cases, you might need to contact Apple Support for further assistance.
It’s always a good practice to have employees share their device PIN or passcode before they leave the company to avoid such situations in the future.
