Which Pin prompt are you seeing? Is it the Secure Startup Pin or the default Lockdown screen Pin?

That would be the Secure Startup Pin, i.e. the device pin itself. Not related to the lockdown. So basically before you can access the Android OS GUI, it prompts and after entering the device will make Android available.

I have also seen this on the TC77. We use NetMotion and it would not connect until the device PIN (not Secure Startup) was entered. The explanation that that I received was that Android locks the System Certificate Store until the PIN is entered on a reboot. Since the System Certificate Store is locked, the cert can't be used to authenticate on the network.

In our environment, we solved the problem by using the NetMotion Certificate Profile configuration. Using that method, NetMotion stores the required certificate in a private certificate store that they are able to access because it is not locked by the OS.

Arh, thanks Jim!

Did you also test if regular WPA2 network was prevented, i.e. like as if the actual network interfaces was inactive until the PIN was entered?

That it prevents all network interfaces from starting up is what puzzles me completely. But regardless I could look into whether I'd be able to install the cert in the private certificate store on Device Owned AE enrolled devices.

Thanks again :-)