Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Force iOS update with passcode bypass

Currently if you send a remote command to devices to download/install iOS update and restart the device, it does not work on a device with a passcode. The user must manually install the update or approve the update to install. For supervised devices, it'd be nice if this remote command was able to temporarily clear the passcode so the iOS could actually be installed and restart, it could then re-assign the passcode to the device after it restarts. Otherwise this remote command is only partly effective. It's great for classroom sets that don't have passcodes, but that's about it.

Comment
Order by:

Posted: by bpavlov

@CairoJXP I feel like this should be something that Apple addresses. That is, if a device is supervised and an MDM command it sent to the device to do an update, it should initiate the update. What you're proposing just sounds like there's a lot of room for error. For example, what if the command to clear the passcode fails, the MDM server would automatically attempt the next command which would be to update and then that part would fail as well. Of course, Jamf could perhaps work in some logic on the server side to try and get a successful command status before it ever attempts the next command, but that I'm guessing that would be a much larger undertaking and design of how they've got MDM working in Jamf Pro at the moment.

Like

Posted: by iPad_Sheriff

We have the same problem with our 1:1 iPads. The workflow I use is:

  • Send command to download update to device
  • After 24 hours, send remote command to clear passcode
  • Send command to update and restart devices

We have a config profile that requires passcodes on the 1:1 devices. Students will be forced to enter a new passcode after the upgrade. Of course this method isn't foolproof. Students are still able to ignore the upgrade notification, but it works if you catch the iPad while it it's at home before the student opens it for the afternoon/evening. If I knew how to schedule those commands, I'd do it overnight.

Like

Posted: by CairoJXP

@bpavlov I thought once upon a time on a previous version, there was some command that could be sent that did something along the lines of bypassing a passcode or something like that. I think you used to be able wipe iPads and not have to worry about the activation code bypass because it was automatically pulled and used whereas - at least in 10.9 and a few previous versions - you have to go to the activation code bypass and click the show bypass code before you can send a wipe command and have it successfully work. If you just wipe it without that extra step, upon setup of the device, you're prompted for the apple ID login info from the previous user. Either way though, if the command is sent, it should go through regardless of the passcode, especially if the device is supervised because supervision is supposed to give you more control of the devices, but clearly in this case it's limited.

@iPad_Sheriff I know exactly what you're talking about and I've thought about doing something along those lines, it just feels like more steps than I want. I've sent out an email to students saying it's okay to update and will pull our deferment from a config profile for them to do so, and/or I'll send the command that tells the iPad to download a specific iOS and have the students install it overnight and then follow up with those who haven't.

Like

Jamf would like to hear your feedback around Restrictions payload (computers and devices)