Bad news for users of Android devices who sometimes forget their passcode. Google is removing the ability for administrators and users to remotely reset the passcode of devices running Android 7.0.
With earlier versions of Android, users could reset their passcode via the Company Portal website, and admins could reset passcodes via the Intune admin console. Is there a workaround for your users besides writing the passcode on the back of the mobile phone?
I think so! 😉 Let’s see…
So how do we support our users?
To investigate this, I was able to install a beta of Android 7 on a Nexus device to see what options there are to recover the passcode.
After enrolling, the option to reset the passcode is indeed not working. Choosing the option to unlock the device generates an error: "Passcode reset failed". So what can we do then?
Google themselves also offer an option to change the lock screen and the password remotely via the Google Device Manager, which can be found here. But when trying the option, the phone is locked and the lock screen is changed to show the text that is provided. Unfortunately the configured PIN is not set, so this option provided by Google themselves is also not working. 🙁
So we don’t want to have this;
So basically, no passcode recovery options are currently available… 🙁
So how do we prevent a factory reset and the loss of all (private) data?
If you sync all of your private photos and movies and regularly back things up to Google Drive, you don't need to worry about resetting the device and starting over. But if your company does not allow data to be synced to any cloud service, or you do not trust the cloud enough to back everything up to it, you may be screwed. Or not?
It looks like Android is changing the experience for the user with the Android 'work security challenge' (without the need for Android for Work).
There is a new feature called the “work security challenge” and this feature lets administrators set separate, complex passcodes on users’ devices to protect specific work data, using Android profiles. Users can use simpler PINs or codes to access their personal data.
Administrators can set lock restrictions for specific apps, and they can choose to use different login screens so users can see whether or not they are logging in to corporate services. For more information about the new security features, see this article.
So using profiles we have the option / workaround to create two user profiles on the Android 7 device: one (the primary) for the private stuff and a new one for business stuff. Using the primary account for private stuff allows you to remove the business account if you lose the passcode, without losing the private stuff. If you do not use the primary account as the private account, you do not have the option to delete the business account, since it is then the primary one. Looking at the file system, neither profile can access the other's data.
Let's see how this workaround works:
After the secondary user profile is created, you need to log on to the secondary account and enroll the device in Intune with the Company Portal.
So if the business user profile is useless because the passcode is lost, you can delete and recreate it from the private user profile without needing to reset the complete device.
Let's see what Google will do; the lack of passcode reset support can be very nasty for users and cause unnecessary removal of data. My advice is to test Android 7 thoroughly and advise your users to wait with updating until you have verified a working solution for them.
Microsoft Intune will provide zero-day support for Android 7.0; Company Portal version 5.0.3419.0 already supports the beta of Android 7.0.