Re: SEG blocking newly enrolled devices

sluzi1986 · ‎06-22-2021

We have a bit of a problem where our SEG compliance is triggering for every newly enrolled device before the device is able to finish the setup assistant workflow. The device is reported as un-encrypted after DEP kicks in - we receive passcode compliance notices as such - and then MEM kicks in to block it at that time.

By the time the user finishes the setup assistant, and they have encrypted their iOS device with a passcode, the SEG already has the device flagged as blocked due to no encryption. The device is 'green' across the board in Console but SEG still has it as 'blocked'. Pulling / re-pushing the mail profile has been a consistent work-around but I'm not understanding why the SEG compliance isn't updating immediately.

Any thoughts? Thanks.

Noordan · ‎06-29-2021

For me, a working solution for me is to sync the device and then restart the mail-application. We are using Boxer in this use case, so it might have an impact.

sluzi1986 · ‎06-29-2021

Generally speaking, if we direct the user to perform a hub sync, the SEG block will be removed within the next delta sync to SEG. This occurs anywhere from 10-20 minutes, from what we've seen.

But...honestly, shouldn't have to do that. I'd expect the compliance engine to handle the update quicker than what it is doing.

It's good to know it helps if you're using Boxer. Adds to the reasons to get rid of native mail and move to Boxer, among others, so thank you for that feedback.

All

SEG blocking newly enrolled devices

Workspace ONE UEM