Update: Current versions of AirWatch 8.3, as well as AirWatch 8.4, have separate privacy settings for Clear Passcode/Device Lock and Device Wipe.
Updated privacy settings: Clear Passcode and Device Lock commands disabled by default on Employee Owned devices in AirWatch 8.3
To protect the user’s privacy on an Employee Owned or Unassigned device, the default privacy settings of the MDM profile have been changed in AirWatch 8.3.
By default, the MDM profile on an iOS device with the ownership type set to Employee Owned or Unassigned will not have permission to perform the Clear Passcode, Lock Device, or Full Device Wipe commands. You will still be able to perform an enterprise wipe on these devices. These permissions only affect devices enrolled after the upgrade to AirWatch 8.3.
To confirm if the MDM profile has the appropriate permissions, perform the following steps:
- On the device, navigate to Settings > General > Device Management > Digital Workspace > More Details > MDM Settings.
- Confirm under Rights if the profile has the permission lock device and remove passcode.
These permissions are currently coupled with the Full Wipe permission in the AirWatch Console. If the privacy setting for Full Wipe is set to Prevent (the default for Employee Owned and Undefined ownership types), then the MDM profile will not have permission to clear passcode, lock device, or perform a full device wipe. If the permissions of the MDM profile are incorrectly set, the device must be re-enrolled after updating the settings in the Privacy page of the AirWatch Console.