Fingerprint Lock and Exchange ActiveSync Policies (iOS)


Is Apple's Thumbprint scanner on later iPhones an acceptable encryption method for the EAS policy?



The fingerprint lock feature can be used in place of the PIN to unlock the phone.  However, the PIN must be set up additionally on the device to make the fingerprint lock work.  If the PIN is removed from the device settings, the fingerprint lock feature is automatically disabled and unable to be utilized on the device.


In the event that an Exchange account with a password requirement from an Exchange ActiveSync policy is already in place, the option to turn off the pass code is disabled.  The fingerprint lock can be disabled or edited.  However, the device PIN must be entered in order to complete the change.


Visit the link listed below for a TechNet forum that discusses this issue to review some other experiences using iOS fingerprint lock with EAS policies:


If fingerprint lock is enabled but no PIN is configured on the device AND an Exchange account is enabled that requires a PIN or password to comply with the organization's EAS IT policy, the following error will appear:



Passcode Requirement


The account "______" will not download new data until a new passcode is set.



To resolve the error, a passcode must be enabled for the device.  To utilize the fingerprint lock and edit the passcode settings on capable iOS devices, take the following steps:


1.  From the home screen, tap Settings and then tap General.



2.  Tap Passcode & Fingerprint.




3.  Tap Fingerprints in order to store a fingerprint as an encryption method.  (You can also enable or change the passcode from the same menu.)