Resolved - Support Tip: iOS 14 fails compliance check when passcode expires

Published 11-06-2020 12:55 PM 7,054 Views

Updated 12/18/20 - A fix for this issue has been rolled out with the latest release of iOS 14.3.


We recently received a customer support case around compliance check behavior in iOS 14. The customer had a compliance policy set with a value for “Password expiration (days)”. Prior to iOS 14, devices would prompt the end user to change the device passcode, and provided they changed it, then the policy condition was met and there was no break in resource access. In iOS 14 and higher, the devices are not prompting the user for the passcode change but are properly reporting the expiration to Intune. The device, per the policy setting, then becomes non-compliant and ultimately users are blocked from resources protected by conditional access requiring a complaint device.


Apple has acknowledged this change in behavior and plans to address it in an upcoming release, and we’ll update this post when new information is available.


Currently, there are two mitigation approaches:

  1. Advise users to manually change the device passcode via Settings in iOS:
    1. Open Settings applications
    2. Scroll down to “Touch ID & Passcode” or “Face ID & Passcode select”
    3. Complete passcode prompt with the current passcode
    4. Scroll down and select Change Passcode then complete prompt.
    5. Once change, user can open Company Portal, select device, then Check Status to have the compliance state updated.
  2. Use Remove passcode to trigger user to set a new passcode:

    1. Sign in to the Microsoft Endpoint Manager admin center.

    2. Select Devices >  iOS/iPadOS > Search for and select impacted user device .

    3. Select Remove passcode, read and agree to the remove passcode by selecting “Yes”.

    4. The passcode will be removed from the device, and the user will be prompted to set a new passcode per the requirements of your defined compliance policy.

    5. Once the passcode is set, the user can open Company Portal, select device, then Check Status to have the compliance state updated.


Let us know if you have any additional questions on this by replying to this post or by tagging @IntuneSuppTeam out on Twitter.


Blog post updates:

  • 12/18/20: We have confirmed reports that a fix for this issue has been resolved with the latest release of iOS 14.3.

Just want to be clear it's only for iOS 14 or iOS 14 and above?

New Contributor

@Intune Support Team  Do we have any method to identify the list of devices that are nearing the passcode expiry?

Hi @Vadivelu B, thanks for the question! We've seen this occur on devices on iOS 14.0 and up so far. We are expecting a future beta build that should have a fix to test, and that will then roll into an iOS release. No timing or versions to share yet, but we’ll update this post when new information is available.

Hi @Dheeraj Oswal, thanks for the question! Unfortunately, the current iOS Passcode MDM payload protocol setting does not provide any details on the current passcode age or lifecycle in maxAge. We only get a report when the age has been exceeded.

New Contributor

@Intune Support Team  Could you please confirm if this issue is resolved with iOS 14.3 update?

Hi @Dheeraj Oswal, confirming that a fix for this issue has been resolved with iOS 14.3.

New Contributor

I'm still having users  running iOS 14.3 going into "Non compliance" because Company Portal does not alert them to update Passcode.

Regular Visitor

Same here. We are still experiencing issues.  Just submitted a ticket to MS.

@Joel Gonzalez - Thanks for the comment. There may be a different issue occurring on the affected devices or within your tenant. We've sent you a private message to learn more about the scenario and to provide additional assistance.


@jloredo0918 - Thanks for the feedback. We've followed up with you over a private message to provide additional assistance on your support case.

Senior Member


I can also confirm the issue is still present as well.  I have both an iOS device compliance and device restriction policy that match.  I can see users daily (with iOS 14.3) not being prompted to change their device passcodes.  In my test configurations, if I change the passcode expiration to a lower value, I'm prompted to change it.  


For others experiencing the issue, we have adjusted our policy to mark the device non compliant after 1 day, notifying the device owner, via email that instructs them to go to the Comp Portal app to check device status.  We include an email to the Service Desk for active follow-up to minimize impact.  All of our mobile access to O365 services are based on conditional access rules, which restricts access based on non compliance.  Hope this helps.  

Regular Visitor

I was told this is an issue with Apple.  Nothing MS could do.

Senior Member

@jloredo0918 Completely agree its an Apple related issue, but to note its been resolved is not accurate. 


iOS 14.4 has been released, so fingers crossed.  :) 


I did discover that if you reboot the device with an expired passcode (with device being marked as non compliant), it does prompt you to change it. 

New Contributor

@omie1376  I have also changed the time before it gets marked as non-compliant to 3 days, because these issues often happen during the weekend.


@jloredo0918 I am also hoping that iOS 14.4 may fix the issue, although it seems like Apple turns on security with every update - we will see. Thank you for the suggestion to reboot phone.

Senior Member

After updating my test devices to iOS 14.4 and once the device passcodes expired, each device prompted me to change the device passcode.  A good sign the issue may have been resolved.  

New Contributor

That's great news! Thank you for sharing.

Senior Member

From last week we noticed that some of the users device after updating OS version to 14.4 also marking devices as non-compliant. It will become compliant only after changing the passcode.

New Contributor

My supervised phone running 14.4 did ask me to change my passcode, like it used to. I have not heard of any other issues from any of my users. 

Occasional Visitor

I have several users running into this problem still. They are not receiving prompts on their devices to update their passcodes. Users are on iOS 14.4 

Occasional Visitor

I have version 14.4.2 on my IPhone XR and still didn’t get any notification that my passcode expired today, while I got immediately disconnect from my company assets. I would appreciate if this issue gets addressed asap. 

Senior Member

We also have had devices running 14.4.2 and experiencing the same issue , no passcode prompt.
Since the newest software is 14.5.1 -  can we confirm if issue is resolved with running the latest software?

Hi @Michael_Budai and @NicHu1805, thank you both for the feedback! Confirming that this issue has been resolved with the public release of iOS 14.3 and higher. If you continue facing an issue with your device's passcode not prompting as expected, please open a support case via the Microsoft Endpoint Manager admin center's Help and Support blade or any of the methods here, as this will help the team capture all the information needed to resolve the issue. Thanks!

Version history
Last update:
‎Dec 18 2020 09:24 AM
Updated by: