Unknown enforced backup password

Drew Reece wrote:

When you use the term 'Profile' are you actually referring to 'configuration profiles' that manage the settings on iOS?

Apple Configurator or Profile manager is responsible for creating these (along with many third party MDM solutions).

If that is the case you should speak to the admin who setup up the profiles, they will be shown in Settings > Profiles if you have any.

Yes, I mean configuration profile. It was created via an MDM, and it's encrypted, which is apparently what has forced iTunes to apply a password To backups.

I can remove the profile, which allows me to change the encryption option, but iTunes asks for the password and won't disable it unless I get it right. Ie I still can't make usable backups.

I am the admin, so speaking to the admin isn't going to help.

Kappy wrote:

See this for help: iOS- Troubleshooting encrypted backups.

No mention of passwords being enforced via profile there, but at least it confirms my observation that if you've ever made an encrypted backup then you still need to know the password in order to ever do an unencrypted backup. I'm not sure what the logic is there, but if there's no way around it then we have a big problem.

I'm keen to hear about the experiences of other business users rolling out replacement phones. If a large proportion of your users can't restore a backup to their new iPhone, what do you do about content in their old phones that they still need? Eg photos, text messages, data in apps, etc. a private user would have the old phone to refer to if necessary, but we're taking them back at changeover time.

Drew Reece wrote:

What MDM are you using?

Check the Keychain on their Macs - if you are lucky they may have a password saved.

The reason the password is required to change it is because it is the only way to prevent 'just anyone' from changing it, if they have forgotten it the data is effectively gone.

I'm guessing you have seen the deployment manual?

https://manuals.info.apple.com/MANUALS/1000/MA1685/en_US/ios_deployment_referenc e.pdf

We using MobileIron. As far as I can tell, the password to use isn't specified by the MDM, it's the mere fact that the profiles are encrypted that causes it to enforce passwords. It might turn out that every user gets prompted for a password the first time they back up, and these first two happen to have used their iCloud password and forgotten that they did, and that one of them has later changed it and forgotten that.

The normal behaviour of backup systems is that the password you set is for that backup only, so users wouldn't be expecting to have to remember their password for more than the few minutes it takes to restore their phone. any system that's in fact setting the password to use forever on that device really should be warning the user that's what's happening.

Are you suggesting that changing the password also changes the password to restore the older backups? Unless it does, I can't see the logic in preventing anyone else from changing the password iTunes uses.

I'm guessing the majority of them will have never created a backup before unlEss they've had to restore their phone. NONE of them have Macs.

I've seen that document, but haven't read it throughly.

TThanks for the long answer, Drew. Erasing the devices will defeat the purpose of the exercise, which is to get their data onto their new phones. I guess we'll have to do as many as we can - lots will have no password set. For the rest, bad luck.

I'm not sure how to go about avoiding the same problem when we get new phones again in 2 years. I'll ring Apple, maybe they'll have some ideas.

I rang Apple this morning, but no joy. The only suggestion they had was to increase iCloud storage and backup and restore from there. I guess if we get users to get all their photos and videos off first then icloud backups with the default amount of storage should be feasible.

There appears to be no way to perform usable backups to a computer once the original password is lost. Even if the encrypted configuration profile that triggered the problem is removed, once the password is set on the device, that's it.

The feeling I'm getting from several dropped hints is that once you've done an encrypted backup, your DEVICE is now encrypted with that password, and the fact that backups are encrypted is just a side effect of that. If this is the case then the situation makes more sense, but I haven't seen this specifically mentioned anywhere at all.

I've submitted feedback to Apple asking that iTunes display a message warning of the full implications of setting a password on a backup. I'd be interested to hear from other people who have had trouble with this.

Thanks for that. I've purchased a program called SynciOS, which has been getting the photos across for me, and also the apps (although I don't know if it's bringing the app data across too). I don't know if there are free tools that would have done the same thing, but it seems to mostly work.

The smoothest transfers have been where users have had enough room in the iCloud accounts to do a backup to restore from. The problem is that lots of users don't seem to have the know-how to get photos off their devices in order to make the iCloud backup small enough, and quite a few don't even have iCloud accounts or have forgotten their password or AppleID, so it's slow going.

We'd just lay down the law and set up the new phones without helping with transfers, but the rule is they have to give us their old phone before they get the new one, which means they can't do a restore themselves unless they already know how to do the backup. Restores for people who do know are quick and smooth anyway.

It's a great pity Apple don't allow "merging" of backups later. This "now or never" process means they only get one shot at it.