Updated 12/18/20 - A fix for this issue has been rolled out with the latest release of iOS 14.3.
We recently received a customer support case around compliance check behavior in iOS 14. The customer had a compliance policy set with a value for “Password expiration (days)”. Prior to iOS 14, devices would prompt the end user to change the device passcode; provided the user changed it, the policy condition was met and there was no break in resource access. In iOS 14 and higher, devices do not prompt the user for the passcode change but still properly report the expiration to Intune. The device, per the policy setting, then becomes non-compliant, and users are ultimately blocked from resources protected by conditional access requiring a compliant device.
Apple has acknowledged this change in behavior and plans to address it in an upcoming release, and we’ll update this post when new information is available.
Currently, there are two mitigation approaches:
Advise users to manually change the device passcode via Settings in iOS:
Open the Settings application.
Scroll down and select “Touch ID & Passcode” or “Face ID & Passcode”.
Complete the passcode prompt with the current passcode.
Scroll down and select Change Passcode, then complete the prompt.
Once the passcode is changed, the user can open Company Portal, select the device, then select Check Status to have the compliance state updated.
Use Remove passcode to prompt the user to set a new passcode: