Forum Discussion
Mysterious DEP Device Wipe
StuartK73 Do you have the "Number of sign-in failures before wiping device" setting configured in the iOS restrictions profile? I suspect that the end-user entered the device passcode incorrectly too many times, especially if there's no log of it in Endpoint Manager. Failed authentication attempts against the AAD account would not cause the device to wipe.
- StuartK73May 15, 2020Iron Contributor
"Failed authentication attempts against the AAD account would not cause the device to wipe." - Even on the Intune Company Portal app? Do you have a reference to that info?
I have loads of Sign-in failures against the Intune Company Portal app around the same time as the password change, then the device re-enrolling.
Regards
- eglocklingMay 18, 2020Steel Contributor
StuartK73 Yes, the Microsoft Intune and Intune Company Portal apps do not define this, it is a configuration that can be deployed to managed devices that leverages the existing built-in OS feature. Once the config is deployed, it is the device itself that evaluates the failed device password (passcode) attempts, not the MDM agent. Failed sign-in attempts to the Company Portal would only affect the user account (eg. lock the account, block additional sign-ins from this device, whatever your organization has defined...). Do you have any compliance actions set that would be contributing to this behaviour?
- StuartK73May 20, 2020Iron Contributor
Hey buddy
On further investigation of the iOS Device Compliance and Configuration policies, I have noticed the following setting:
Password expiration (days): = 90
As roll-out was approx mid-February, 90 days would take it to mid-May, when the reset occurred.
Could this be the culprit?