Unable to unlock iOS or iPadOS devices via Administration Console after upgrading to 13.1

book

Article ID: CTX262076

calendar_today

Updated On:

Description

Unable to unlock iPhone/iPad from Citrix Endpoint Management administration console after upgrading to iOS/iPadOS 13.1+.

Note: No error message is displayed when command fails. The device ignores the command.

Resolution

For iOS/iPadOS devices enrolled but not yet upgraded (MDM-only, or MDM+MAM), follow these steps:

Before upgrading your iOS/iPadOS devices to 13.1+, upgrade to:
- XenMobile Server 10.10 RP4 / 10.11 RP1
- Citrix Endpoint Management (Cloud) 19.9.1
Upgrade one or two iOS devices to 13.1+ for testing.
Enroll the iOS device and verify unlock is working from Citrix Endpoint Management administration console.

For iOS or iPadOS 13.1+ devices already enrolled (MDM-only, or MDM+MAM), follow these steps:

Back up the device
Un-enroll the device following the steps below:

Unsupervised devices (MDM-only or MDM+MAM not including DEP/ASM/ABM) - Un-enroll using Secure Hub:

Launch Secure Hub
From the app, go to the “Menu” option on the top left of the screen
Select “Preferences”
On the Preferences screen, select “Accounts”
On the Accounts screen, select “Delete account”
On the delete account Dialog, select “Yes, Delete”

Supervised device - un-enroll from device:

From the device go to: Settings-> General-> Erase All Content and Settings (Warning: the steps will wipe the device completely)

After un-enrolling the device, proceed to re-enroll:

Using Secure hub for Unsupervised devices: https://docs.citrix.com/en-us/citrix-endpoint-management/device-management/apple/ios.html#enroll-ios-devices
Using Bulk enrollment: https://docs.citrix.com/en-us/citrix-endpoint-management/device-management/apple/ios-bulk-enrollment.html
Unlock command option should be available now

Note: re-enrollment is not mandatory. If the device is not re-enrolled, it will lose the ability to be remotely un-locked (the unlock command sent from CEM will be ignored).

Important
It is highly recommended to:

Regularly backup your devices
Ensure iCloud backup is configured on iOS and iPadOS devices
Install the XMS 10.11 RP1 or XMS 10.10 RP4 if you are planning to upgrade your devices to iOS/iPadOS 13.1+.

Problem Cause

Apple is tightening security, so Apple has changed the way the unlock token is sent to MDM in iOS/iPadOS 13.1+. Due to the changes, after upgrading an iPhone/iPad to iOS or iPadOS 13.1+, Citrix Endpoint Management may lose the ability to unlock devices which are passcode protected.

https://docs.citrix.com/en-us/citrix-endpoint-management/device-management.html

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"