Forum Discussion
Device passcode required - iOS - Mobile Application Management Policy
Hi all Hoping someone can assist. Been testing MAM with an iPhone on which I intentionally removed the passcode from the device. In MEM I created and App Protection Policy targeting Outlook o...
I am experiencing the same. Based on Navishkar reply, I would expect the same. MAM should allow the user to leave device without passcode and enforce PIN only when opening the MAM app. That is the whole principle of MAM.
In my case, iPhone 8 (iOS 14.0.1) with no device management at all (just wiped). Company has implemented MAM. Installed Teams. Tried to configure work account. Prompted to install Authenticator. Installed Authenticator. Received 2 Factor authentication request, approved it. Then, it continued to check on the App Status.. and then the message came up "Device Passcode Required - your organization requires you to enable a device passcode to access this app". I tried Outlook and received the exact same result. I do not have access to the InTune admin console. I do have access to another MDM tool (Workspace ONE). After doing some reading, I wonder if the device passcode requirement is linked to the the BioMetrics being allowed. Face ID or Touch ID can be allowed to access the MAM Apps. However, for that to take place, the MAM App has to talk to the OS on the device. If the device does not have Face ID or Touch ID set, then the Microsoft MAM app detects that, and requires it (?).
Need to think of a way to test that, without access to the InTune admin console.
Ricardo_PaX I have a user exhibiting this behavior after the 10/26/2020 update of Outlook. I'm interested in the "App PIN when device PIN is set"=Require I have set currently. I wonder if (provided this isn't a one-off) I set it to "Not Required" would the issue drop?
Edit: Updating all apps and restarting the iOS device fixed the issue.
