Activation Lock Bypass for iOS and macOS devices
  • 10 Sep 2024
  • 6 読む分
  • PDF

Activation Lock Bypass for iOS and macOS devices

  • PDF

The content is currently unavailable in Ja - 日本語. You are viewing the default English version.
記事の要約

Activation Lock feature makes it hard for anyone to use or resell a lost or stolen device. When Activation Lock is enabled on a device and it is erased, the device will prompt the user to enter user email and password it is locked with. Scalefusion gives the ability to control the Activation Lock and it’s features. Activation Lock Bypass Codes can be used to bypass the lock by entering the code instead of user credentials.

In this guide we will see how Scalefusion can help IT Admins the capability to manage Activation Lock and its features from the dashboard.

How is Activation Lock enabled?

An Activation Lock is enabled when a user logs into “Find My” app on iOS and macOS devices. This will set the activation lock using user’s credentials. When a device is stolen or lost, and it is reset, the device will prompt to enter the user’s credentials to proceed with setup.

Scalefusion’s role in Activation Lock

If an organisation owned Apple device has Activation lock enabled with employee's personal apple id, it causes unnecessary hassle to remove the Activation Lock when the employee leaves the organisation without disabling the activation lock.

Scalefusion lets organization benefit from its theft-deterrent functionality while simultaneously providing it with the ability to turn off Activation Lock for devices the organization owns without needing to enter employee’s credentials.

Types of Activation Lock

  1. Organization Linked (MDM) Activation Lock: When MDM, like Scalefusion, contacts the Apple server directly to apply the Activation Lock, we say it to be Organization Linked Activation Lock. The device applies Activation Lock using ABM/ASM admin’s credentials. This provides increased protection because if the MDM fails to clear the Activation Lock remotely, then the device activation lock can be removed by entering the Admin’s credentials on the Activation Lock screen. Due to it’s benefits, this approach is highly recommended. This is currently available only for iOS devices enrolled via DEP.

  2. User Linked Activation Lock: The Activation Lock is applied using user’s(employee) personal iCloud account. By default, any supervised device has Activation Lock disabled, not allowing the user to activate it. MDM can allow the user to enable Activation Lock. This is available for supervised iOS and macOS devices.

Bypassing Activation Lock

What happens when the user credentials linked to Activation Lock are not available? This is where Bypass code come into the picture.

Once a Bypass code is collected, Admins can choose to manually bypass the Activation Lock by entering the Bypass code in the password field on the Activation Lock screen and leaving the username field empty.

Prerequisites for Bypass Codes to work

Activation Lock type

iOS

macOS

Organization Linked Activation Lock

  1. Device should be enrolled via DEP

  2. Device should be supervised

  3. iOS 7 or later

  4. iPadOS 13.0 or later

Not available for macOS

User Linked Activation Lock

  1. Device should be supervised

  2. iOS 7 or later

  3. iPadOS 13.0 or later

  1. Device should be supervised

  2. Require Apple silicon or the Apple T2 Security Chip

  3. macOS 10.15 or later

Points to keep in mind

In case of User Linked Activation Lock, the following points should be considered:

  1. By default, supervised devices will have Activation Lock disabled. Admin has to Allow Activation Lock in this case for the user to enable it.

  2. The Activation Lock will be enabled only when the user logins into Find My app. If this is not done, then Activation Lock doesn’t get applied.

  3. If the Activation Lock was enabled by user prior to device enrolment, then the user have to toggle Find My to OFF and then back ON for the bypass codes to work.

  4. If the Activation Lock was enabled by user prior to device enrolment but the Admin has selected to not allow the user to enable Activation Lock, in this case, the Activation Lock will remain active until the user switches OFF Find My. Post that, the user won’t be able to enable the Activation Lock.

  5. If the device is migrating from another MDM to ours, then bypass codes would probably not be available as the device generated bypass codes would expire in 15 days or the previous MDM service would have cleared it.

Activation Lock Enrollment Settings

These settings will only work when an iOS device or a macOS device is being enrolled in Scalefusion for the first time.

You can access these settings by navigating to Utilities > Global Settings > Apple Settings.

  1. Allow Activation Lock: Enabling this option will allow end users the ability to enable Activation Lock when signing into 'Find My' on the device with their Apple ID credentials. Applicable for supervised devices only. Works on iOS and macOS devices.

  2. Apply MDM based Activation Lock: Enabling this option will force enable Activation Lock using the Apple ID of an Apple Business Manager or Apple School Manager administrator. Applicable for devices enrolled via DEP only. Works only on iOS devices.

Activation Lock Settings

These settings are available at Profile level for both iOS and macOS. These settings are helpful in case you want to turn On/Off the Activation Lock after the device has been enrolled.

  1. Activation Lock Settings in iOS Device Profile

    1. You can access these by navigating to Device Profile & Policies > Device Profile > edit the iOS Device Profile.

    2. Go to Restrictions > General Settings > scroll down to Activation Lock Settings.

    3. Toggle on the Override Global Activation Lock Settings button.

      1. Allow Activation Lock: Enabling this option will allow end users the ability to enable Activation Lock when signing into 'Find My' on the device with their Apple ID credentials. Applicable for supervised devices only.

      2. Apply MDM based Activation Lock: Enabling this option will force enable Activation Lock using the Apple ID of an Apple Business Manager or Apple School Manager administrator. Applicable for devices enrolled via DEP only.

        MDM based Activation Lock Bypasscode may not work at times. In such a case on the device please enter the credential of ABM or ASM Administrator on the Activation screen.

  2. Activation Lock Settings in macOS Profile

    1. You can access these by navigating to Device Profile & Policies > Device Profile > edit the macOS Device Profile.

    2. Go to Restrictions > Functionality > scroll down to Activation Lock Settings.

      1. Allow Activation Lock: Enabling this option will allow end users the ability to enable Activation Lock when signing into 'Find My' on the device with their Apple ID credentials.

Bypasscodes on Scalefusion dashboard

IT Admins can see the Bypasscodes in the Full Device Information for that particular device on the dashboard.

Clear Activation Lock

There are two ways you can clear Activation Lock:

Scalefusion Dashboard

IT Admins can clear the Activation Lock on the device(s) by going to Devices section > click View Details for the concerned device > click on Gear icon and scroll down to Clear Activation Lock.

On the device you will not get the Activation Lock screen when reset the device and are trying to set it up again.

ABM Portal

If the device is DEP enabled, Activation Lock can be cleared right from ABM portal.

Frequently asked questions

Q1. My iOS device is a Supervised device and I have enrolled it in Scalefusion.

Q1. My iOS device is a Supervised device and I have enrolled it in Scalefusion. After enrollment user enters their own personal Apple ID and turn on the Find My iPhone which also activates the Activation Lock. How can I get these Activation Lock codes from the device?

A1. The codes will be synced to dashboard and visible under Full Device Information.

Q2. My macOS device is not a DEP device.

Q2. I have macOS devices that are not DEP devices and “Find My Mac” is already enabled. How can I make sure these Activation Lock codes work on the device?

A2. You will need to ask the user(s) to turn off “Find My Mac” on the device and turn it back on, this will make sure that bypasscodes work.


この記事は役に立ちましたか?

What's Next