cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Tech Accelerator: Microsoft Intune Suite
Apr 11 2023 08:00 AM - Apr 12 2023 11:00 AM (PDT)
Find out more
SOLVED

Intune iOS Jailbreak false positives (Resolved)

Alo Press
Contributor

‎May 07 2021 03:29 AM - edited ‎May 09 2021 11:39 PM

‎May 07 2021 03:29 AM - edited ‎May 09 2021 11:39 PM

Intune iOS Jailbreak false positives (Resolved)

Recently we have witnessed a few detections of Jailbroken devices marked noncompliant by the Compliance policy but after the next Check-in or Compliance check the devices return to compliant state.. We have not had any detections for a long period and now got a few during a brief period which is quite worrisome regardless of reasons.

 

There are only a few possibilities what it could be related to:

  1. User has actually Jailbroken their device (not the case for my users)
  2. Intune has changed their detections with errors (did not spot relevant changes)
  3. Apple has changed something in their latest OS update (not likely as it is not wide spread)
  4. Some sort of malicious activity from advanced threat actors (highly unlikely)

 

There is no commonality between the devices either, there are various models of iPhone and iPad with different operating systems versions. And the users are not even in the same network or region. 

 

There are also big problems with compliance reporting over various reports, device Overview might have a status of Compliant but looking under the Device compliance menu for a specific device it might report the device as Not Compliant and that status is not just lingering for a brief time after Check-in and violation clear.. it has stayed like that for a time now..

 

I have contacted Microsoft Support regarding this but no word just yet, so not sure if I am the only one or is it some sort of blunder from detection side. Any ideas? 

7,591 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Alo Press (Contributor)
Alo Press

‎May 07 2021 06:43 AM

‎May 07 2021 06:43 AM

Solution

Re: iOS Jailbreak false positives?

Got some additional information on this and it looks like its a client side detection bug and the issue should most likely be fixed by Monday. Until then its possible to give the policy a grace period or any turn off the detection etc, up to everyone to decide.

This might mean that there is good change of required update for the Company Portal app.

Hope this information helped.

0 Likes
Reply
JaimeH_TS

‎May 08 2021 10:24 AM

‎May 08 2021 10:24 AM

Re: iOS Jailbreak false positives?

We also saw this on a few devices starting Wednesday, May 5th.  Un-enrolling and re-enrolling into Intune fixed the issue for us.

 

Microsoft has told us they have no idea why it's happening and have not heard of any other customers reporting this.  Did you get any confirmation of how/when the bug was going to be fixed?

 

@Alo Press 

0 Likes
Reply
Alo Press

‎May 08 2021 11:05 AM - edited ‎May 08 2021 11:07 AM

‎May 08 2021 11:05 AM - edited ‎May 08 2021 11:07 AM

Re: iOS Jailbreak false positives?

Hello @JaimeH_TS 

 

Thanks for replying! 

 

Yeah, we luckily only had very few devices falsely reporting Jailbroken status and we also re-enrolled some of them where others reported Compliant after a Compliance check and a Sync. I can also confirm that the issues started around 4th of May (or at least our first detection), I would guess after some sort of update either on the server side or Intune app (4.16.0) even though it looks like the last change has been on the 30th of April, which could have led Jailbroken status pop up significantly sooner but who knows. It could also be related to some Apple security updates that were released on the 3rd of May.

 

I talked to a Support guy who was already familiar with the situation and the issue was being worked on. From what I could gather they actually had done a hotfix on the server side to avoid further false reporting and were actively working with the issue, hopefully getting it fixed by Monday. I would keep an eye on the App Store for updated client for "fixed" status but some of this is just guessing, since there is no notice in the Intune Service Health page.

 

As far as I could tell there is actually some sort of bug with a Jailbroken status detection but not sure if it was actually on Microsoft part or there was something funky with Apple, did not dig around too much after talking to support.  

 

Hope this helps!

0 Likes
Reply
Alo Press

‎May 09 2021 11:38 PM

‎May 09 2021 11:38 PM

Re: iOS Jailbreak false positives?

Mobile Application Management (MAM) users targeted with an App Protection Policy on iOS devices can't access some apps
 
IT254590, Microsoft Intune, Last updated: May 9, 2021 10:18 PM
Start time: April 7, 2021 10:00 PM, End time: May 9, 2021 9:35 PM
Issue type: Advisory
StatusService restored
User impactMAM users targeted with an App Protection Policy on iOS devices couldn’t access some apps.
 
Latest message May 9, 2021 10:18 PM
 
Title: Mobile Application Management (MAM) users targeted with an App Protection Policy on iOS devices can't access some apps
User Impact: MAM users targeted with an App Protection Policy on iOS devices couldn’t access some apps.
More info: Users may have seen the following error message on iOS devices: “Alert - This app cannot be used because you are using a jailbroken device. Contact your IT administrator for help.”
Impact to users was varied. In some instances, users may have been asked to re-enroll the application. In another, users may have been denied access to corporate resources.
Final status: Following the deployment of our fix, we've confirmed that impact has been resolved.
Scope of impact: Your organization was affected by this event, and any user targeted with an App Protection Policy on iOS devices may have experienced impact.
Start time: Wednesday, April 7, 2021, 10:00 PM (7:00 PM UTC)
End time: Sunday, May 9, 2021, 9:35 PM (6:35 PM UTC) Root cause: A recent update to the Microsoft Intune App Protection SDK introduced an issue that mistakenly marked iOS devices as jailbroken.
Next steps: - We're reviewing our update procedures to better understand the App Protection SDK issue and to help identify similar issues during our development and testing cycles.
This is the final update for the event.
0 Likes
Reply