
MDM & MBP :: Touch ID Not Unlocking Device

Had an issue recently with some users that couldn't unlock their JAMF MDM-managed MBP using Touch ID.

After a bit of poking around, I found that I had to:

  1. Exclude their machine from the MDM profile
  2. Run the `bioutil` commands [see below]
  3. Re-apply the MDM
  4. Re-add their fingerprints.

```
bioutil -s -w -u 1
```

The man page for `bioutil` says:

```
Usage:
bioutil {-r | -w [-f { 0 | 1 }] [-u { 0 | 1 }] [-a { 0 | 1 }]} | [-c] | [-p] | [-d <uid>] [-s]

Options:
    -r, --read                      Read current Touch ID settings
    -w, --write                     Write new Touch ID settings
    -s, --system                    Flag to read/write systemwide Touch ID settings or perform systemwide operations
    -f, --function                  Enable (1) or disable (0) Touch ID functionality in general (system settings only)
    -u, --unlock $value             Enable (1) or disable (0) Touch ID for unlock
    -a, --applepay $value           Enable (1) or disable (0) Touch ID for ApplePay (user settings only)
    -c, --count                     Print number of enrolled fingerprints of the current user or of all users (-s, administrator only)
    -p, --purge                     Delete all enrolled fingerprints of the current user or of all users (-s, administrator only)
    -d, --delete $uid               Delete all enrolled fingerprints of the given user (administrator only)
```
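
A guarded version of step 2, as an added example that is not part of the original post: it reads the system-wide setting with `-r -s`, writes only when unlock is off, and re-reads to confirm the change held. It assumes `bioutil` lives at `/usr/bin/bioutil` and that the read output contains a line ending in `for unlock: 0` or `for unlock: 1` (the page does not show that output); the function names and the `BIOUTIL` override are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post.
# Assumption: `bioutil -r -s` prints a line ending in "for unlock: 0" or "for unlock: 1".
# Assumption: the binary path below; override BIOUTIL to point elsewhere or at a stub.
BIOUTIL="${BIOUTIL:-/usr/bin/bioutil}"

# Print the system-wide "unlock" value (0 or 1); non-zero exit if it cannot be parsed.
touchid_unlock_state() {
    "$BIOUTIL" -r -s 2>/dev/null |
        sed -n 's/.*for unlock:[[:space:]]*\([01]\).*/\1/p' |
        head -n 1 | grep '^[01]$'
}

# Enable Touch ID for unlock system-wide only if it is off, then verify.
# Returns 0 = already enabled or fixed, 1 = write did not stick, 2 = state unreadable.
ensure_touchid_unlock() {
    local before after
    before="$(touchid_unlock_state)" || {
        echo "cannot read system Touch ID settings" >&2
        return 2
    }
    if [ "$before" = "1" ]; then
        echo "Touch ID for unlock already enabled system-wide"
        return 0
    fi
    # The command from step 2 (system-wide write, assumed to need root).
    "$BIOUTIL" -s -w -u 1 || return 1
    after="$(touchid_unlock_state)" || return 2
    if [ "$after" = "1" ]; then
        echo "Touch ID for unlock enabled (was $before)"
        return 0
    fi
    echo "setting did not persist; check that the machine is excluded from the MDM profile" >&2
    return 1
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    ensure_touchid_unlock
fi
```

Run it with `--apply` after step 1 and before step 3; a return code of 1 means the write was accepted but the value read back was still 0.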