Guided Access enrollment issues

Copper Contributor

We recently switched over our DEP enrollment process to use VPP to download the company portal and then using locked enrollment (guided access) to force the user to enroll their iOS devices into Intune.

 

We are running into a few issues, if the user is on wifi only (majority of our iPads) and for whatever reason leaves the WiFi network, they cannot reconnect to the network as there doesn't seem to be a wayto break out of the guided access mode. They are then presented with a screen that says "Guided Access is unavailable. Please contract an administrator" is there anything we can do at this stage other than connecting to a computer and wipe the device?

 

Another issue we are running into with some devices is they seem to be locked into guided access mode and unable to switch to Safari to download the management profile, the error they are presented with is "Could not add your device. Safari has been disabled, Please contact your administrator." I'm not sure what users are doing to get to this state, but is there any way to troubleshoot these devices other than wiping?

8 Replies

Hi @kkeirstead 

 

I have experienced the same issue on a number of occasions, I have found;

  • iOS OS  version needs to be >=12.0
  • Slower networks increase the frequency of the issue (testing over Ethernet does not have the same issue) 
  • Caching servers help reduce the issue by providing local content (if you have a Mac you can test this out)

You could try and capture xCode logs from a connected Mac shortly after the device starts up, hopefully there is enough time to accept any prompts before guided access kicks in.

 

,Andrew

 

Hi @AndrewDawson 

 

Thanks for your reply, but all of our issues are on iPhone and iPads, I don't believe there is a way to cache the servers for iPhones and iPads is there? All of the devices are coming directly from Apple and will have the latest versions of iOS or should be.

Hi @kkeirstead 

 

Use the Mac as a caching server for Applications, iCloud and iOS Update content on the local network.

 

Worth a try if you have one sitting around that can be connected to the same network.

https://support.apple.com/en-nz/guide/mac-help/manage-content-caching-on-mac-mchl3b6c3720/mac

 

,Andrew

Hi,

Did you ever get anywhere with this? We're now facing the same issue. Looking at migrating from Airwatch to Intune with brand new iphone 7's and this is really holding things up.

@kkeirstead  we are facing the same issue as well. Several ms cases have not led to a solution. Did you find a solution?


BR

Tim

@kkeirstead  anyone get round this issue yet, I have come across the same problem enrolling a couple of iPhones.

Hi I got this while enrolling an iphone 12pro max. anybody found a get around this. it breaks the whole "zero touch deployment" motto 

 

we are having the same issue. A user connected to the wifi and started the enrolling procedure. that user unfortunately left the site after it entered the homes screen without finishing the enrolling. now the user is unable to do anything e.g. connect to a wifi. we have asked the user to go back onsite and do a force restart to see if it kicks it off again.

otherwise, we have to redeploy the profile (wipe)