Meraki

Community

Password Change Lock - Profiles & Policies

Solved
Amy_e
Conversationalist
‎Apr 26 2019 1:59 PM
‎Apr 26 2019 1:59 PM

Password Change Lock - Profiles & Policies

Hello,

 

I'm trying to restrict the ability of users to change the Passcode, and I'm not having any luck.

Here's what I have setup as a test.

 

I have one Profile with Restrictions Enabled, with a lot of Restrictions, but I have the following setting OFF:

[ ] Allow modification of passcode settings

Scope is 'with ANY of the following tags';

Device tag 'TEST'

 

 

I made a security policy under Policies named 'PWD'. The only thing enabled is "Passcode lock"

 

 

I created a second Profile.

Scope is 'with ANY of the following tags'

No additional Restriction settings.

Wallpaper settings enabled. Lock and Homescreen. (Created this as visual test that Profile is pushed.)

Device tag 'TEST'

Policy tag 'PWD - violating devices'

 

 

Yet, I'm still able to change the Passcode. I first tried putting the PWD Policy on the TEST Profile, but for some reason, enabling a Policy Tag on this Profile, pushes the Profile off the device. That's when I read that you should create a second Profile for a Policy. After doing this, the TEST Profile is not pushed off the device, the PWD Profile is on the device, but I can still change the Passcode and the Wallpaper is not changed.

 

Additional Notes: This device is NOT DEP enrolled. This device is manually enrolled.

 

Is there something that I'm missing?

Thank you

 

Labels:
0 Kudos
1 Accepted Solution
Amy_e
Conversationalist
‎Apr 26 2019 3:04 PM
‎Apr 26 2019 3:04 PM

Hello, Friends

 

I've answered my own question. 

 

The "Allow modification of passcode settings" is under iOS Supervised Restrictions which states explicitly:

 

"About Supervision. 

These restrictions only have an effect when a device is in 'supervised' mode. This mode can only be enabled with DEP or Apple Configurator."

 

This iPad is not DEP enrolled or enrolled through the Apple Configurator.

Okay, thank you.

View solution in original post

4 Replies 4
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Apr 26 2019 2:20 PM
‎Apr 26 2019 2:20 PM

@Amy_e  Have you tagged the device with the "TEST" tag you have setup?  Be aware that tags in System manager are case sensitive. 

0 Kudos
In response to BlakeRichardson
Amy_e
Conversationalist
‎Apr 26 2019 2:21 PM
‎Apr 26 2019 2:21 PM

Hello, thanks for your response.

 

Yes, I've tagged the Test tag. I've also tried pushing just the Policy tag without the test tag and still no luck.

0 Kudos
In response to Amy_e
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Apr 26 2019 2:31 PM
‎Apr 26 2019 2:31 PM

If you go to the following can you see the device lists

 

 

Systems Manager > Settings > Your Test Profile 

 

If you scroll down to the bottom of this page you should see a list of devices that are in the scope of this profile.

0 Kudos
Amy_e
Conversationalist
‎Apr 26 2019 3:04 PM
‎Apr 26 2019 3:04 PM

Hello, Friends

 

I've answered my own question. 

 

The "Allow modification of passcode settings" is under iOS Supervised Restrictions which states explicitly:

 

"About Supervision. 

These restrictions only have an effect when a device is in 'supervised' mode. This mode can only be enabled with DEP or Apple Configurator."

 

This iPad is not DEP enrolled or enrolled through the Apple Configurator.

Okay, thank you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.