Had an issue recently with some users that couldn't unlock their JAMF MDM-managed MBP using Touch ID.
After a bit of poking around, I found that I had to:
- Exclude their machine from the MDM profile
- Run the `bioutil` commands [see below]
- Re-apply the MDM
- Re-add their fingerprints.

```
bioutil -s -w -u 1
```

The man page for `bioutil` says:

```
Usage:
    bioutil {-r | -w [-f { 0 | 1 }] [-u { 0 | 1 }] [-a { 0 | 1 }]} | [-c] | [-p] | [-d <uid>] [-s]

Options:
    -r, --read              Read current Touch ID settings
    -w, --write             Write new Touch ID settings
    -s, --system            Flag to read/write systemwide Touch ID settings or perform systemwide operations
    -f, --function          Enable (1) or disable (0) Touch ID functionality in general (system settings only)
    -u, --unlock $value     Enable (1) or disable (0) Touch ID for unlock
    -a, --applepay $value   Enable (1) or disable (0) Touch ID for ApplePay (user settings only)
    -c, --count             Print number of enrolled fingerprints of the current user or of all users (-s, administrator only)
    -p, --purge             Delete all enrolled fingerprints of the current user or of all users (-s, administrator only)
    -d, --delete $uid       Delete all enrolled fingerprints of the given user (administrator only)
```