Forced Pass Code Expiration—what is causing this?

Hi All,

My wife and I were at a show, and she took out her phone to silence the ringer and she got the attached message on the screen. Oddly, when we got home, her iPad and Apple Watches had the same message, but not her MacBook Pro. This message has never appeared before until now. She changed her passcode for each affected device, and all was well.

The devices she uses are all personal to her, i.e., not provided by her university employer, although she is connected to university servers (MS 365 and Exchange) for email, calendar, etc. Anybody know why this is happening or if there is a setting we can change to prevent it from happening in the future?

Even if they’re personal to her, if she has installed an employer’s certificate – to access their servers or apps for example – then I believe they can still force a passcode change (and wipe the device, for that matter).

Ok, any way to disable it or make adjustments to it? Do you know where this certificate is located?

Check this out:

How to delete an app that has a configuration profile on your iPhone, iPad, or iPod touch - Apple Support.

If you go to Settings on iOS and search for “cert”, it’ll point you to General>About>Trusted Certificates

That said, I have seen that item invisible on at least a couple occasions – once I think because it was an employer-owned device, and the certificate settings weren’t made available to employees; and the other time because the device had no certificates. Not 100% sure though

Installing an MDM certificate with the right authorisations will give full control of the device to the employer. It’s probably a password change policy that’s intentional (or misconfigured for personal devices).

You might be able to get the details from the certificate under Settings → General → VPN & Device Management → Mobile Device Management, which should have a profile listed.
Select the profile and look at “more details”. It probably has change settings and so on listed under the “MDM” heading.

What most users do not know is that these MDM certs basically hand over full control to the issuer, and allow them to see everything, change everything and delete everything.

My advice: if you want to see work stuff on your phone: get a work phone separate from your personal phone.


Thanks guys, but there’s nothing in the Device Management section in Settings. I’ll investigate further, but in the meantime, any other ideas?

It could be to do with O365 enterprise settings for passcode duration.
I’ve not worked with that enough to make a firm statement, however.