UPDATE 24-Oct-2013:  As of iOS 7.0.3 release this issue has been resolved.

As many of you are aware, an issue with the new iOS 7 operating system affects the Password Compliance status with XenMobile MDM server.  When a device is locked the compliance status is set to out of compliance.  The consequences are the following:

  • Active Sync Gateways block all email (if set to block on password compliance).
  • Automated Actions are triggered that are set to execute when the password compliance is not met.

Citrix has formally logged this bug with Apple and is working with Apple on this issue.  Citrix as well as other MDM vendors have reported the issue.  In the mean time, here are our recommendations:

  • Statically allow for iOS 7 devices irrespective of the password compliance status.  This change is made on the email gateway server.
  • Edit the SMG filter on the XDM server to not consider the password compliance as a factor in the allow/deny.
  • Disable the requirements for compliant password on any Automated Actions.  An example: An automated action to ‘selective wipe’ if password compliance is not met.

We will provide updates as we get information back from Apple on the resolution status. If you organization has AppleCare OS Support, we recommend you contact Apple for status on this issue.