Allow management of display auto-lock without enabling passcode policy

Number:rdar://30582319 Date Originated:2/17/17
Status:Open Resolved:
Product:iOS MDM Product Version:iOS 9.3, iOS 10.x
Classification:Enhancement Reproducible:Yes

When managing devices as kiosks, we want to manage the timeout functionality of the screen's auto-lock feature, say by extending it from 2 minutes to 10 minutes, but not enable the device's passcode because it is a kiosk device open to the public. The passcode policy MDM payload should be separated from display management.

Steps to Reproduce:
1. Create a passcode policy profile in Apple Configurator (or MDM system)
2. Set passcode policy's key forcePIN to False.
3. Set the passcode policy's maxInactivity integer to 10, 15 or some other value.
4. Install the configuration profile on the device.
5. On device you are asked to set a passcode, which is not expected since forcePIN is set to false.
6. Additionally observe that the maxInactivity setting is not recognized and does not change/update the auto-lock timer on the iOS device.

Expected Results:
Expect to be able to change the screen's auto-lock timer from 2 minutes (default) to 10 minutes without setting a passcode.

Actual Results:
iOS Devices ask you to set a passcode on profile installation and do not recognize the new display auto-lock timer setting.

iOS 9.3, iOS 10.0, iOS 10.1, iOS 10.2, iOS 10.2.1

An example .mobileconfig profile has been attached.

iPad mini 4 and iPad Air 2

'test_auto_lock.mobileconfig' was successfully uploaded.


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!