Updated 12/18/20 - A fix for this issue has been rolled out with the latest release of iOS 14.3.
We recently received a customer support case around compliance check behavior in iOS 14. The customer had a compliance policy set with a value for “Password expiration (days)”. Prior to iOS 14, devices would prompt the end user to change the device passcode, and provided they changed it, the policy condition was met and there was no break in resource access. In iOS 14 and higher, devices do not prompt the user for the passcode change but still properly report the expiration to Intune. The device, per the policy setting, then becomes non-compliant, and ultimately users are blocked from resources protected by conditional access requiring a compliant device.
Apple has acknowledged this change in behavior and plans to address it in an upcoming release, and we’ll update this post when new information is available.
Currently, there are two mitigation approaches:
Use Remove passcode to prompt the user to set a new passcode:
Sign in to the Microsoft Endpoint Manager admin center.
Select Devices > iOS/iPadOS, then search for and select the impacted user device.
Select Remove passcode, read the confirmation, and agree to remove the passcode by selecting “Yes”.
The passcode will be removed from the device, and the user will be prompted to set a new passcode per the requirements of your defined compliance policy.
Once the passcode is set, the user can open Company Portal, select device, then Check Status to have the compliance state updated.
Let us know if you have any additional questions on this by replying to this post or by tagging @IntuneSuppTeam out on Twitter.
Blog post updates: