iPhone stuck in lost mode as it won't sync with Intune. Can make phone calls with it fine. Any way to get it out of lost mode?
Posted by down_with_cats@reddit | sysadmin | 19 comments
I understand that if the device has no internet connection, then my only option would be to wipe it. However, it has a Verizon cellular plan tied to its eSIM. The plan includes unlimited data (showing 0.03GB used this month), and I can call the phone and talk to myself on it. I can also tap "Call" on the screen to call the number we entered when we put it in lost mode.
I've never seen this before as the device should be sync'ing fine. It was last sync'd 5/7 when it was powered off, put in a box, and shipped to me. I've had it for a week trying everything possible to pull it out of lost mode, but it will not receive any commands from Intune despite showing full bars of 5GUW.
I tried connecting it to my MacBook with Configurator, but lost mode disables the USB port and if I put it in recovery mode the only options are to wipe it.
Legal needs to pull data off the phone so wiping it isn't an option. The device is in Apple Business Manager and is supervised (hence the ability for lost mode). You'd think there'd be some type of failsafe to prevent this kind of behavior because it really makes lost mode useless.
Does anyone have any suggestions?
ProfessionalWorkAcct@reddit
Check the status of the user's account. I had an iPhone that wouldn't sync in Intune because the account was deleted.
down_with_cats@reddit (OP)
You are a lifesaver! I was able to get approval quicker than I expected. I moved the AD object back to an OU that syncs, kicked off a dirsync, and it recovered the object in Entra. Gave it a license and now it's receiving Intune commands. Lost mode removed. THANK YOU!
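The account check that resolved this, as an added example that is not code from anyone in the thread: a read-only PowerShell script that looks up a managed device by serial number and reports whether its primary user is active, disabled, soft-deleted or missing in Entra, and whether that user holds an Intune service plan. It assumes the Microsoft.Graph.Authentication module is installed and that the managed-device record still carries the user's ID; the serial number is a placeholder and `Get-Graph` is a helper defined here.

```powershell
# Added example (not from the thread): read-only check of the user behind a stalled device.
# Assumes the Microsoft.Graph.Authentication module; the serial number is a placeholder.
param([string]$SerialNumber = 'SERIAL-PLACEHOLDER')

$base = 'https://graph.microsoft.com/v1.0'
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All','User.Read.All' | Out-Null

function Get-Graph([string]$Uri) {
    # Return $null on any Graph error; a 404 for a missing object is the case of interest.
    try { Invoke-MgGraphRequest -Method GET -Uri $Uri -OutputType PSObject -ErrorAction Stop }
    catch { $null }
}

# 1. Find the managed device by serial number.
$f = [uri]::EscapeDataString("serialNumber eq '$SerialNumber'")
$device = (Get-Graph "$base/deviceManagement/managedDevices?`$filter=$f").value |
    Select-Object -First 1
if (-not $device) { throw "No managed device found for serial $SerialNumber" }

# 2. Classify the primary user: active, disabled, soft-deleted, or gone.
$state = 'NoPrimaryUser'; $licensed = $false
if ($device.userId) {
    $id   = $device.userId
    $user = Get-Graph "$base/users/$($id)?`$select=id,accountEnabled"
    if ($user) {
        $state = if ($user.accountEnabled) { 'Active' } else { 'Disabled' }
        # 3. INTUNE_A is the service plan name for Intune inside bundled SKUs.
        $plans = (Get-Graph "$base/users/$id/licenseDetails").value.servicePlans
        $licensed = [bool]($plans | Where-Object {
            $_.servicePlanName -eq 'INTUNE_A' -and $_.provisioningStatus -eq 'Success' })
    }
    elseif (Get-Graph "$base/directory/deletedItems/$id") { $state = 'SoftDeleted' }
    else { $state = 'Missing' }
}

# 4. One summary object per device, suitable for piping to Format-List or Export-Csv.
[pscustomobject]@{
    SerialNumber   = $device.serialNumber
    LastSync       = $device.lastSyncDateTime
    PrimaryUser    = $device.userPrincipalName
    UserState      = $state
    IntuneLicensed = $licensed
}
```

A `UserState` of `SoftDeleted` or `Disabled`, or `IntuneLicensed` of `False`, on a device whose `LastSync` has stalled matches the situation described in this thread.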
ProfessionalWorkAcct@reddit
Oh yay I just read this. Glad I could help. That actually makes me feel good!
down_with_cats@reddit (OP)
Well, the user account was moved to a graveyard OU that doesn't sync with Entra. So, the AD account is disabled and the Entra account is in the deleted users section. Are you saying I can restore the object from deleted users and it should fix whatever is broken with Intune?
ProfessionalWorkAcct@reddit
Not sure, but it might be worth a shot. My environment is Entra joined, no hybrid.
down_with_cats@reddit (OP)
Worth a shot. Going to get approval before restoring, assign an E5 to it so it's licensed for Intune, and see if the device starts checking back in. Will report back but might be a few days before approval is granted. Thanks for giving me a bit of hope!
oloruin@reddit
I would check with Verizon business support to make sure the device isn't flagged as lost/stolen.
We had a phone stolen recently (yeah buddy... enjoy that SE 2020) and it was reported stolen before I could say "DON'T DO THAT! (yet)"
I tried to get it reactivated for tracking purposes and the Verizon rep told me reporting it stolen disabled the eSIM. So if you reported it stolen rather than just turning on Lost mode... might be out of luck.
I think it was "reported" by turning on suspend-without-billing, and choosing lost/stolen as the reason.
You might try setting up an alternate free-tier MDM server and trying to migrate the phone to that other server through MBM. I thought I read it was possible to do on iOS 26 without a wipe.
If you put it in recovery mode, do you get the option to update OS, or just restore?
Are you sure this thing wasn't flagged as stolen (vs lost)?
Can you use the camera to scan QR codes? Maybe scan a prepaid eSIM via QR code to get a cellular data connection not connected to whatever may be going on with the Verizon connection?
Capta-nomen-usoris@reddit
Just a theory, but what if you boot the phone into recovery mode? Not sure if lost mode still disables the port while in recovery mode, though. But once there, hook it up to your MacBook and use iTunes. It might get an internet connection, hopefully, I’m not sure.
down_with_cats@reddit (OP)
Tried that, it just shows the phone as a device that can be wiped and restored. That would lose all of the data that the legal department needs though so we can't do that.
BrentNewland@reddit
https://www.reddit.com/r/Intune/comments/tt4esu/iphone_not_disabling_lost_mode/
Possibly an eSIM PIN has been set. The PIN must be entered after a device reboot before cellular data can be accessed.
https://support.apple.com/en-us/118228
Contact the carrier for a Personal Unlocking Key.
Maybe putting in a physical SIM card with an active plan and no SIM PIN will work?
down_with_cats@reddit (OP)
It has cell service as I can make and receive calls. Wouldn’t a SIM PIN prevent that? No physical SIM port on this model.
Capta-nomen-usoris@reddit
Good question, can you verify if it has a data connection on the cellular plan? It most likely doesn’t at this point.
down_with_cats@reddit (OP)
Yes I'm logged into the Verizon account and see it has a full plan and has used 0.03GB of data this month (it was put in lost mode on 5/1).
BrentNewland@reddit
Seems you're right.
Capta-nomen-usoris@reddit
The first thing you should confirm is if you disabled lost mode for this device, double check the serial number both in business manager and in the phone. It could be as simple as that.
As far as I know, lost mode should not disable WiFi or 5G. But I can understand you can’t connect it to a new WiFi SSID if you are locked out of those functions, and cellular might require a SIM PIN code that is also unavailable now. Would it be possible to get the phone to the location where it was connected to WiFi? Another alternative would be to add a secondary physical SIM card without a PIN code. The phone might get a connection and be able to get the lost mode lifted.
That’s all, let’s hope someone else has a better idea.
WifiIsBestPhy@reddit
Wi-Fi passwords are encrypted in "Before First Unlock".
You might be able to get it to join an open Wi-Fi network, or connect it to an Ethernet network.
down_with_cats@reddit (OP)
Can’t open any settings or menus in lost mode so there’s no way to connect to a new WiFi network. USB port gets disabled so a USB-C network adapter does not provide network.
down_with_cats@reddit (OP)
I’ve gone as far as using Graph in PowerShell to verify the device, the actions, and forced syncing it. The serial matches the device ID that got the lost command on 5/1. It was in communication with Intune until 5/7. WiFi isn’t disabled but the phone was powered off so the keychain is inaccessible so it won't connect to any WiFi networks.
sorbic-acid@reddit
The only thing I can think of: vzw voice calling works but data isn't provisioned properly.
In that event your only option is to give it another path to the Internet. Has it been joined to a wireless network before? If so, it should rejoin it if presented with the network again, which may give it a route to Intune...