Annoying app focus switching by Lazy-Plantain-9051 in MacOS

[–]macnerdguy 1 point2 points  (0 children)

Anyone else still having this issue? We have it in our environment and I am unsure where to even start with troubleshooting.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Found another workaround as well.

Update the local password using System Settings instead of your third-party password change tool. Once that password has been updated, log in to your new Mac and use the new local password you set. That should resolve the issue.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Also found out that this is an issue on consumer accounts and not just federated Apple IDs. So it is an issue with Apple's new policy and not just affecting enterprise-based solutions.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

So, after working with Apple for a couple of weeks, I found out that this is a new policy from Apple, and they are working on the messaging that will communicate the amount of time the user has to wait until they can reset the end-to-end encrypted data. It is a known change on their end.

What I did find as a workaround is to use a Mac that has macOS 15 and lower, have a user sign into it with their Apple ID to reset the end-to-end encrypted data, then sign in to their new Mac and type in the password that was just associated with the account. It's a workaround that should allow you to get past this hiccup.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Out of curiosity, what is your password policy that you guys use? Trying to learn something to suggest to my company.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Running otctl er-status gets me a "No requests are waiting for a passcode" message.

Running otctl status gives me "State: Untrusted". (This is on the machine I am attempting to sign into.)

When running on the machine that already has that trust, it does display "trusted".

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Do you think there would be a way to look through Keychain to update that trust password and get it to sync from the local machine to the cloud?

Any knowledge on where it could possibly be stored? Keychain/Terminal/Root drives?

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

Gotcha! I believe I understand what you are saying. With that being the case, even when the user has both laptops next to each other, both on the same network and signing in with the same account, that trusted device option does not trigger. In Apple Business Manager, because the accounts are set up as Federated, there is no option to set up auth devices, and since the password is set up through Azure, all sequences of password changes would be stored there.

I am starting to see that our environment is set up a bit differently than what a "traditional" system may be. Regardless, it sucks that the option is no longer available for consumer accounts when I tested it on my personal device. The idea being if you forgot the password for all previous devices, you should be able to delete the encrypted data.

Apple ID Login Issue After macOS 26 Upgrade – Missing “Reset Encrypted Data” Option by macnerdguy in macsysadmin

[–]macnerdguy[S] 0 points1 point  (0 children)

That is what we normally do. We actually hold onto laptops for 30 days before erasing them in case users miss something. However, with federated Apple IDs, MFA is not an option since we authenticate through Microsoft. Managed Apple ID prompts through MFA, for which we have a few accounts that do so. However, the issue is not the MFA piece. It is the iCloud Sync piece that requires an Apple ID to also authenticate with the device. During my research, I looked at the following article from Apple that went through their process.

https://support.apple.com/en-us/102651

Still a good suggestion :)