iphones has reset itself automatically

%3CLINGO-SUB%20id%3D%22lingo-sub-2444034%22%20slang%3D%22en-US%22%3Eiphones%20has%20reset%20itself%20automatically%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2444034%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20setup%20a%20few%20tenants%20with%20VPP%20tokens%20and%20apple%20business%20manager%20integration%20with%20intune.%26nbsp%3B%20Using%20ABM%20integration%20with%20intune%20is%20excellent%20to%20provision%20iphones%20-%20expecially%20when%20you%20purchase%20these%20iphones%20anywhere%20and%20using%20apple%20configurator%20to%20prepare.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20had%20three%20calls%20in%20the%20last%201-2%20weeks%20where%20users%20have%20woke%20up%20and%20they%20found%20that%20their%20apple%20iphone%20seems%20to%20have%20factory%20reset.%26nbsp%3B%20They%20are%20prompted%20with%20Hello!%26nbsp%3B%20either%20the%20user%20restored%20fromm%20backup%20or%20went%20through%20the%20process%20of%20setting%20up%20the%20iphones%20again.%20The%20three%20cases%20are%20as%20follows%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eiphone%207%2C%20ios%2014.X%2C%20provisioned%20via%20ABM%2FIntune%2C%20corporate%20apple%20id%3C%2FP%3E%3CP%3Eiphone%2012%2C%20ios%2014.X%2C%20provisioned%20via%20ABM%2FIntune%2C%26nbsp%3Bcorporate%20apple%20id%3C%2FP%3E%3CP%3Eiphone%207%2C%20ios%2014.X%2C%20enrolled%20via%20company%20portal%20app%2C%20non-corporate%20apple%20id%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Enone%20of%20them%20entered%20the%20pin%20incorrectly%20to%20initiate%20the%20automatic%20reset%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eare%20there%20any%20log%20files%20we%20can%20review%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2444034%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2465648%22%20slang%3D%22en-US%22%3ERe%3A%20iphones%20has%20reset%20itself%20automatically%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2465648%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F20136%22%20target%3D%22_blank%22%3E%40Suleyman%20Ali%3C%2FA%3Ehave%20your%20figured%20out%20what's%20causing%20this%3F%20I%20have%20the%20same%20issue%20for%20a%20user%20whose%20device%20i%20manage.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

We have setup a few tenants with VPP tokens and apple business manager integration with intune.  Using ABM integration with intune is excellent to provision iphones - expecially when you purchase these iphones anywhere and using apple configurator to prepare.

 

We have had three calls in the last 1-2 weeks where users have woke up and they found that their apple iphone seems to have factory reset.  They are prompted with Hello!  either the user restored fromm backup or went through the process of setting up the iphones again. The three cases are as follows:

 

iphone 7, ios 14.X, provisioned via ABM/Intune, corporate apple id

iphone 12, ios 14.X, provisioned via ABM/Intune, corporate apple id

iphone 7, ios 14.X, enrolled via company portal app, non-corporate apple id

 

none of them entered the pin incorrectly to initiate the automatic reset

 

are there any log files we can review?

 

 

10 Replies

@Suleyman Alihave your figured out what's causing this? I have the same issue for a user whose device i manage. 

no, we have not figured this out. I have reported to the Azure Intune team.
I have seen this when users just type their PIN code in incorrectly for x number of times. Are you sure this isn't the case?
no, this is not the case. Its possible it can be accidental, however, two of the users have said that it was like this in the morning. So nothing can be sure without reviewing the log files (if its possible)
You can always double check the Intune logs to ensure no admin wiped the device. Apart from that, there isn't much to do unfortunately, as the logs on the local device have been wiped.
yes, we checked that shortly after they reported and nothing there. We are looking to enhance the logging using the disagnostic logs where it would stream to a log collection service (like azure analytics)
oh wow, whilst posting this earlier, another user has escalated the same issue. This time the user has said that it was due to an update.

@Suleyman Ali I see where you said this behavior may be associated with an upgrade? Was this an IOS upgrade?

@Suleyman Ali 


Having been working with Apple DEP (now ABM) for the last 3 years, I can tell you that I have not seen any instance of a user reporting a device wipe / factory reset after an iOS update, Self-installed or MDM console pushed.

 

I can tell you that after an auto-update install for iOS, the user can get to the Hello screen, and go through some of the setup screens, but it always gets them back to their device with their apps.

 

Did the user go through the same 'SetUp' screens you have configured in InTune for your ABM / InTune integration?

 

If you have configured 6 items to 'Don't Skip' for the InTune MDM Profile and the user did not receive all 6, the device was not fully wiped.

 

Or, even simpler, did they see the 'Remote Management' screen?

Yes: The device was wiped.
No: The device was not wiped.

 

A full device wipe will reset everything, and the phone will start fresh and check with Apple Servers to 'Activate' the device.

 

If only 3 users out of a large deployment are experiencing this, I generally find that the reporting users did something different, or are not reporting the issue correctly. It may seem to have been wiped, but it wasn't really wiped.

 

Answer to your questions about the logs: 

Logs to review: for MDM console issued device wipe, you already mentioned that you checked. An Admin initiated wiped will show the admin username and the 'MDM Break' entry in the log on the day that the user reported it happened.

 

Also, does the Enrollment date in the console match the reported 'wipe' date? 

 

Device logs: Given that you are using ABM and AC2, I assume these are company owned devices. If you can get physical access to the devices, you can install Xcode on your Mac.

 

Open Xcode
Click on Window
Click on Device and Simulators
Allow the device to Trust the Mac (enter passcode on device)
Click on View Logs

 

If you see logs with a date prior to the date the user reported the wipe, then, the device was not wiped.

 

Hope this helps to first of all, determine if the devices were actually wiped.

 

 

 

 

Xcode is an excellent tip. After looking at this carefully and no more wipes since. we have looked at the devices historical inventory / issues and we noticed that the devices in question all had their screen replaced via a company called ismash.

So we increased the configuration where the device gets wiped after so many unsuccessful tries. we increased to 11 tfrom 5.

we are going to keep an eye on it.