Unlock Token in iOS 13

FileWave's MDM solution has the ability to unlock devices which are passcode protected. This can be very useful to recover devices without knowing the passcode set by students or users.

To achieve this, the device sends FileWave an Unlock Token, which is then sent back to the device with the ClearPasscode request. This ensures security, as only the MDM solution in which the device is enrolled can unlock the device and gain access to user data.

Moving forward with security, Apple changed how this token is sent to MDMs in iOS 13: the token is sent only once, during enrollment; it is therefore extremely important to keep this token safe.

Apple recently clarified how this change takes effect: the device may still send a TokenUpdate message to the MDM server, but the message will no longer contain the token.

Until FileWave 13.1.3, such a message (a TokenUpdate without an UnlockToken) was treated as a request to clear the token; managing iOS 13 devices with an earlier version can therefore lead FileWave to clear its stored tokens, after which it can no longer clear the device passcode.

It is therefore highly recommended to:

  • regularly back up your FileWave instance, to keep sensitive data like unlock tokens in a safe place
  • upgrade to FileWave 13.1.3 if you plan to upgrade your devices to iOS 13
  • ensure iCloud backup is configured on iOS devices

You also have the ability to defer software updates by deploying a restriction profile (more information in this KB article).
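The TokenUpdate handling described above, as an added example that is not FileWave's code: a check-in handler that refreshes push credentials on every TokenUpdate but keeps the stored UnlockToken when the key is absent, with the "absent means clear" reading available behind a flag for comparison. The function names, the in-memory store and the sample messages are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample check-in bodies (not captured from a real device).
ENROLL = plistlib.dumps({
    "MessageType": "TokenUpdate",
    "UDID": "CONSTRUCTED-UDID-0001",
    "Topic": "com.apple.mgmt.External.constructed",
    "Token": b"\x01" * 32,
    "PushMagic": "constructed-push-magic-1",
    "UnlockToken": b"constructed-unlock-token",  # sent once, at enrollment
})
LATER = plistlib.dumps({
    "MessageType": "TokenUpdate",
    "UDID": "CONSTRUCTED-UDID-0001",
    "Topic": "com.apple.mgmt.External.constructed",
    "Token": b"\x02" * 32,
    "PushMagic": "constructed-push-magic-2",
    # no UnlockToken key: the iOS 13 behaviour after enrollment
})


def apply_token_update(store, body, absent_clears=False):
    """Merge one TokenUpdate check-in into store[UDID] and return the record."""
    msg = plistlib.loads(body)
    if msg.get("MessageType") != "TokenUpdate":
        raise ValueError("not a TokenUpdate message")
    record = store.setdefault(msg["UDID"], {})
    # Push credentials are refreshed whenever the device reports them.
    for key in ("Token", "PushMagic", "Topic"):
        if key in msg:
            record[key] = msg[key]
    if "UnlockToken" in msg:
        record["UnlockToken"] = msg["UnlockToken"]
    elif absent_clears:
        # The reading the article warns about: a missing key wipes the token.
        record.pop("UnlockToken", None)
    # Otherwise the key is absent and the stored token is left untouched.
    return record


def can_clear_passcode(store, udid):
    """ClearPasscode needs the stored UnlockToken to send back to the device."""
    return bool(store.get(udid, {}).get("UnlockToken"))
```
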