Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
With the reset passcode action in Microsoft Intune, you can remotely reset a device passcode to help users regain access to their devices without requiring a full device wipe. This remote action is especially useful when a user forgets their passcode or is locked out of their device or work profile.
Requirements
Platform requirements
This remote action supports the following platforms:
- Android Enterprise corporate-owned dedicated (COSU)
- Android Enterprise corporate-owned fully managed (COBO)
- Android Enterprise corporate-owned work profile (COPE)
- Android Enterprise personally-owned work profile (BYOD)
- Android Open Source Project (AOSP)
Role and permission requirements
To run this remote action, use an account with at least one of the following roles:
- Help Desk Operator
- School Administrator
- Custom role that includes:
- The permission Remote Tasks/Reset Passcode
- Permissions that provide visibility into and access to managed devices in Intune (for example, Organization/Read, Managed devices/Read)
Passcode reset types
When working with Android devices, it's important to understand the two types of passcode resets available:
- Device-level passcode reset: The action resets the passcode for the entire device.
- Work profile passcode reset: The action resets the passcode for the user's work profile only.
The following table summarizes the passcode reset types based on platform:
| Platform | Device-level passcode reset | Work profile passcode reset |
|---|---|---|
| Android Enterprise corporate-owned dedicated (COSU) | ✅ | ❌ |
| Android Enterprise corporate-owned fully managed (COBO) | ❌ | ✅ |
| Android Enterprise corporate-owned work profile (COPE) | ❌ | ✅ |
| Android Enterprise personally-owned work profile (BYOD) | ❌ | ✅ |
| Android Open Source Project (AOSP) | ✅ | ❌ |
Important
Before initiating a passcode reset, ensure that the passcode requirement is enforced via device configuration policies—otherwise, the reset fails.
How to reset a passcode from the Intune admin center
- In the Microsoft Intune admin center, select Devices > All devices.
- From the devices list, select a device.
- At the top of the device overview pane, find the row of remote action icons. Select Reset passcode.
- A new passcode is presented to the admin.
The new passcode must be entered on the device, and it's displayed in the admin center for seven days.
User experience
For work profile passcode reset, users get notified to activate their reset passcode. After their passcode is entered, the notification is dismissed.
Note
If the remote lock action fails, confirm that you have a device passcode policy assigned to the device. If the device doesn't have a device passcode assigned, the remote lock action doesn't succeed.
Reference links
- Microsoft Graph API: resetPasscode action