- Enrol Supervised iOS device
- Turn ON screen time restriction by opening Settings app -> Content & Privacy restrictions -> Passcode & Face ID -> Don’t Allow.
- Now install a Passcode policy profile via MDM with the key “forcePIN” set to “true”, such that the device is needed to change the passcode in device.
By following above steps, the profile fails. The failure response from the device states that passcode restriction is applied in the device, “The profile ‘Profilename’ may require a passcode change but the passcode cannot be modified.”
This is an incorrect behaviour as MDM should have more control over the screen-time restriction as well.
Error response from the device
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstallProfile</string>
<key>ErrorChain</key>
<array>
<dict>
<key>ErrorCode</key>
<integer>4001</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>Profile Installation Failed</string>
<key>USEnglishDescription</key>
<string>Profile Installation Failed</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>4026</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>The profile **** may require a passcode change but the passcode cannot be modified.</string>
<key>USEnglishDescription</key>
<string>The profile **** may require a passcode change but the passcode cannot be modified.</string>
</dict>
</array>
<key>Status</key>
<string>Error</string>
<key>UDID</key>
<string>****</string>
</dict>
</plist>
Feedback ID : FB14249704