MDM: iOS 17.4 Drama - Stolen Device Protection locks MDM enrolled devices for 1 hour
My opinions are my own
When and why it was released, the latest issues with iOS 17, and how to avoid locking yourself out of devices as a result of turning it on with MDM…
With the first iOS 17.3 beta, and then the 17.3 release, Apple launched iPhone Stolen Device Protection. The feature comes after The WSJ's Emmy Award winner Joanna Stern investigated a rise in iPhone thefts in public places like bars. Her report is available at the link below:
🥷🏻 The approach typically saw attackers shoulder-surfing victims as they entered their passcodes, stealing the iPhones, and then using the passcode to immediately change the Apple ID password, locking the owners out of their accounts and even their iCloud backups.
Notably, Joanna even interviewed an iPhone thief who was able to take more than $300,000 from victims using this attack.🤯
iPhone’s Stolen Device Protection introduces a one-hour security delay before changes to the device passcode, Face ID or Touch ID take effect, SPECIFICALLY when the device is away from “familiar locations” (Apple's term for the places it learns you frequent, i.e. home and work). Sensitive actions such as viewing saved passwords or turning off Lost Mode require Face ID or Touch ID with no passcode fallback, and the most sensitive ones (changing the Apple ID password, turning off Find My, or turning off Stolen Device Protection itself) require a biometric authentication, the one-hour wait, and then a second biometric authentication.
🔐 How to turn on iPhone Stolen Device Protection?
🔸 Make sure you’re on iOS 17.3+ (the feature also requires Face ID or Touch ID, a device passcode, two-factor authentication on the Apple ID, Find My, and Significant Locations turned on under Location Services)
🔸 Open Settings
🔸 Swipe down and tap Face ID & Passcode (or Touch ID & Passcode)
🔸 Find Stolen Device Protection and tap Turn On Protection
Then this happened...
Apple announced that on devices under MDM management with Stolen Device Protection turned on (the latest iOS 17.4 prompts end users to enable Stolen Device Protection), the user will receive an error when trying to do any of the following:
🔸 Manually enroll their device in MDM
🔸 Configure a Microsoft Exchange account
🔸 Install a passcode or Microsoft Exchange profile
🔸 Install a declarative configuration
🛠️ To perform any of those actions, the user can temporarily turn off Stolen Device Protection. Note that turning it off is itself one of the protected actions: away from a familiar location it requires biometric authentication, the one-hour delay, and a second biometric authentication before the toggle takes effect. If the device is already enrolled in MDM, the user can turn on Stolen Device Protection afterwards and MDM operates as usual.
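Before rolling Stolen Device Protection out to a managed fleet, it helps to know which of your existing configuration profiles carry the payloads listed above. The script below, an added example that is not from the original post or from Apple, parses .mobileconfig files with the standard-library plistlib and flags the two affected payload types. The PayloadType identifiers com.apple.mobiledevice.passwordpolicy (passcode policy) and com.apple.eas.account (Exchange ActiveSync) are Apple's documented values; the sample profile, its identifiers and UUIDs are constructed for illustration. Declarative configurations are JSON, not profiles, and are not covered here.

```python
"""Flag configuration profiles whose payloads Stolen Device Protection
interferes with (passcode policy and Exchange ActiveSync).

Added example, not from the original post. The PayloadType identifiers are
Apple's documented values; the sample profile below is constructed.
"""
import plistlib
from pathlib import Path

# Payload types the post lists as affected: passcode profiles and
# Microsoft Exchange profiles.
AFFECTED_PAYLOAD_TYPES = {
    "com.apple.mobiledevice.passwordpolicy": "passcode policy",
    "com.apple.eas.account": "Microsoft Exchange (ActiveSync) account",
}


def affected_payloads(profile_bytes: bytes) -> list:
    """Return (PayloadType, description) for every affected payload in a
    .mobileconfig. Accepts XML or binary plists; a profile with no
    PayloadContent array yields an empty list."""
    profile = plistlib.loads(profile_bytes)
    found = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in AFFECTED_PAYLOAD_TYPES:
            found.append((ptype, AFFECTED_PAYLOAD_TYPES[ptype]))
    return found


def scan_directory(directory: str) -> dict:
    """Map each .mobileconfig filename under `directory` to its affected
    payloads; files with none are omitted."""
    results = {}
    for path in sorted(Path(directory).glob("*.mobileconfig")):
        hits = affected_payloads(path.read_bytes())
        if hits:
            results[path.name] = hits
    return results


# Constructed sample profile: one passcode payload (affected) and one
# Wi-Fi payload (not affected). Identifiers and UUIDs are hypothetical.
SAMPLE_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.mdm.passcode",
    "PayloadUUID": "6E8D1F0C-0000-4000-8000-000000000001",
    "PayloadVersion": 1,
    "PayloadDisplayName": "Corporate passcode policy",
    "PayloadContent": [
        {
            "PayloadType": "com.apple.mobiledevice.passwordpolicy",
            "PayloadIdentifier": "com.example.mdm.passcode.policy",
            "PayloadUUID": "6E8D1F0C-0000-4000-8000-000000000002",
            "PayloadVersion": 1,
            "minLength": 6,
            "requireAlphanumeric": False,
        },
        {
            "PayloadType": "com.apple.wifi.managed",
            "PayloadIdentifier": "com.example.mdm.wifi",
            "PayloadUUID": "6E8D1F0C-0000-4000-8000-000000000003",
            "PayloadVersion": 1,
            "SSID_STR": "CorpWiFi",
            "AutoJoin": True,
        },
    ],
}
SAMPLE_PROFILE_BYTES = plistlib.dumps(SAMPLE_PROFILE)

# Constructed profile with no payloads at all, for the empty case.
EMPTY_PROFILE_BYTES = plistlib.dumps(
    {"PayloadType": "Configuration", "PayloadContent": []}
)

if __name__ == "__main__":
    for ptype, desc in affected_payloads(SAMPLE_PROFILE_BYTES):
        print(f"affected: {ptype} ({desc})")
```

Point scan_directory at an export of your MDM's profiles to get a per-file list of payloads that will hit the error on a device with Stolen Device Protection enabled; anything it returns is a candidate for pushing before users are prompted to turn the feature on.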
As of iOS 17.4 beta 2, you no longer have to disable Stolen Device Protection in order to enroll in Mobile Device Management (MDM) or configure an Exchange account, but if the device is in an unfamiliar location the one-hour security delay still applies before the action completes.
About Author: Alex Mercer, Senior Sales Engineer Specialist at Ivanti, Inc, formerly MobileIron. Alex has direct experience with a wide variety of MDM providers, mobile threat tech and identity solutions, and is a certified Apple and Android expert.