This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
This document discusses both device level passcode reset and work profile passcode reset on Android enterprise (formerly called Android for Work, or AfW) devices. It's important to note this distinction as requirements for each can vary. A device level passcode reset resets the passcode for the entire device. A work profile passcode reset resets the passcode only for the user's work profile on Android enterprise devices.
| Platform | Supported? |
|---|---|
| Android devices on version 6.x or earlier | Yes |
| Android Enterprise devices enrolled as Device Owner | Yes |
| iOS/iPadOS devices | Yes |
| iOS/iPadOS devices enrolled with User Enrollment | No |
| Android Enterprise personally-owned/corporate-owned devices enrolled with a work profile | No |
| Android devices on version 7.0 or later | No |
| macOS | No |
| Windows | No |
| Android Open Source Project (AOSP) Corporate-owned, user-associated devices | Yes |
| Android Open Source Project (AOSP) Corporate-owned, userless devices | Yes |
For Android devices, device level passcode reset is only supported on devices running 6.x or earlier, or on Android enterprise devices running in Kiosk mode. This restriction is because Google removed support for resetting an Android 7 device's passcode/password from within a Device Administrator granted app and applies to all mobile device management (MDM) vendors.
Important
Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. Support and help documentation remain available for some devices without GMS, running Android 15 and earlier. For more information, see Ending support for Android device administrator on GMS devices.
| Platform | Supported? |
|---|---|
| Android enterprise devices enrolled with a work profile and running version 8.0 and later | Yes |
| Android enterprise corporate-owned devices with a work profile | Yes |
| Android enterprise devices enrolled with a work profile and running version 7.x and earlier | No |
| Android devices running version 7.x and earlier | No |
To create a new work profile passcode, use the Reset Passcode action. This action prompts a passcode reset and creates a new, temporary passcode for the work profile only.
Note
To successfully reset a passcode for the Work Profile of an Android device, you must configure the device passcode within device restrictions. Any attempts to reset the passcode without configuration will fail.
Supported Android Enterprise personally-owned and corporate-owned work profile devices enrolled with a work profile receive a new managed profile unlock password or a managed profile challenge for the end user.
For Android Enterprise personally-owned work profile devices running version 8.x or later, end users get notified to activate their reset passcode right after enrollment completes. The notification is displayed if a work profile password is required and set. After their passcode is entered, the notification is dismissed.
After the reset passcode is selected from the admin center, a temporary passcode is presented to the admin. This passcode is provided for the following devices when running version 8.x or later:
The temporary passcode must be entered on the device. The temporary passcode for the device is displayed in the admin center for seven days.
Instead of being reset, passcodes are removed from iOS/iPadOS devices. If there's a passcode compliance policy set, the device prompts the user to set a new passcode in Settings.
Important
If the Remove passcode action fails, Intune might have stored the wrong unlock token, and you need to Wipe the device to regain access.
If the remote lock action failed, validate that the configuration is correct. Here are some common issues:
To see the status of the action you just took, in Devices, select Device actions.
Training
Module
Enroll devices using Microsoft Intune - Training
Students will learn how to configure and setup Intune to more easily manage Windows, Android, and iOS devices.
Certification
Microsoft 365 Certified: Endpoint Administrator Associate - Certifications
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.