This is only a problem on devices that are running ios 11 when they dont have the hardware to support the new touch id feature
You'll also notice that when you enable lost mode from your mdm server on these problematic devices that the command will return a response saying that it could not enable lost mode on the device - even though it actually does
And when you try to disable lost mode from your mdm server the command will say it cant disable it - and really cant
In the ios device logs you will see that there is an error similar to the below that happens after you enable lost mode and before you try to disable lost mode
Oct 12 14:47:54 iPad mdmd(DeviceManagement)[1056] <Notice>: Could not to disable MDM Lost Mode: NSError:
Desc : The device cannot be taken out of lost mode.
Domain : DeviceManagement.error
Code : 500
...Underlying error:
NSError:
Desc : The operation couldn\M-b\M^@\M^Yt be completed. (com.apple.icloud.FindMyDevice.EmbeddedOSSupport error 3.)
Domain : com.apple.icloud.FindMyDevice.EmbeddedOSSupport
Code : 3
...Underlying error:
NSError:
Desc : The operation couldn\M-b\M^@\M^Yt be completed. (BiometricKit error 4099.)
Domain : BiometricKit
Code : 4099
Extra info:
{
NSDescription = "";
}
I think the fact this error happens after enabling lost mode means it actually gets to enter lost mode
And the opposite is true for when you try to disable lost mode, the error happens before it tries to disable it so the command fails
I have a case open with apple but they are just telling me they cant reproduce the problem!
My guess is they arent following our steps to reproduce properly and they're using a device that supports touch id