VMware Workspace ONE Community
JoeTingley
Enthusiast
Enthusiast
‎02-26-2020 12:53 PM

iPhone fails Compliance Policy immediately after enrolling

Hi folks,

I've got a user trying to enroll a iOS device. She gets through the enrollment process and installs the management profile successfully. If I refresh the phone, I can see it mid-enrollment for a split second before her phone triggers a compliance policy issue and enterprise wipes. The only thing I can see from the console is "Device Profile Type Unblocked". Anyone familiar or have tips on troubleshooting this?

Thanks!

Joe

Labels (1)
Labels
Reply
8 Replies
chengtmskcc
Expert
Expert
‎02-26-2020 01:02 PM

Just one device or multiple devices? One user or multiple users?

Reply
0 Kudos
JoeTingley
Enthusiast
Enthusiast
‎02-27-2020 05:12 AM

Just one device. It was enrolled for over a year and working fine. She stopped receiving email on the 6th this month, and I found the device was unenrolled due to a compliance issue. I've had some false positives before, so we removed the device and I had her re-enroll. She now gets the behavior described.

I just can't see what is triggering the compliance violation. It's very odd.

Reply
0 Kudos
chengtmskcc
Expert
Expert
‎02-27-2020 05:33 AM

If you have a spare device, have her enroll in it to confirm it's not an account related issue. If that's not the case, then see how this device is different from others. Perhaps the OS is outdated?

Reply
0 Kudos
lazyGhost
Contributor
Contributor
‎05-29-2020 12:03 PM

I'm having a similar issue at my company. We have a compliance policy for a required app. When a device is wiped or newly enrolled, the compliance policy will trigger before the app gets a chance to install from VPP.

Are there any known workarounds to this?

Reply
0 Kudos
RogerDeane
VMware Employee
VMware Employee
‎06-03-2020 04:59 AM

lazyGhost​ - you may want to change your compliance policy so that the first action isn't to un-enroll the device but to send the user or admin a message stating the app is not installed and then have a 2nd action that takes effect some time later (1 hour, 4 hours, 24 hours, etc..) where it will then un-enroll the device.

JoeTingley​ - what compliance policies do you have in place that have the action to un-enroll the device?  It would be helpful to know which policy is preventing the device from completing enrollment.

Roger

Reply
0 Kudos
lazyGhost
Contributor
Contributor
‎06-03-2020 07:56 AM

RogerDeane​ We do have a message sent first. I was simply chiming in with a similiar situation. My gripe here is that if you're getting a freshly enrolled/wiped device, the compliance policy kicks in before the device has even had a chance to download the required app! Minor annoyance to have a naggy email sent to you when you're still setting up your device for the first time.

Reply
0 Kudos
stadlmeierrolan
Contributor
Contributor
‎11-06-2022 01:53 AM

Hi,

I have to slide into this old thread as we are currently facing the same issue for one user in our company. Behavior is almost the same, the phone is running well for a couple of weeks. Then these events pop up in the troubleshooting logs and the enterprise wipe is enforced. But: we do not have any compliance policies in place where an enterprise wipe would be triggered. All our compliance policies send emails but no destructive action is configured.

Any more ideas here?

Thank you,

Roland

Reply
0 Kudos
gjohal
Contributor
Contributor
‎11-08-2022 07:03 AM

Hmmm, it may not be a compliance policy as other settings can trigger wipes (there's a setting where if the AD account becomes disabled, when attributes sync with WS1 it wipes the device also). DO you see any other information checking the wipe log for the device under Lifecycle > wipe log? Or is there any email compliance policies configured? 

Reply
0 Kudos