Activation Lock

Overview

The Apple Activation Lock feature prevents unauthorized wiping or reactivation of iOS/macOS devices by requiring the user to provide an Apple ID and password. Activation Lock turns on automatically on enrolled supervised iOS/macOS devices as part of the Find My feature set. You must turn off Find My to disable the Activation Lock.

Note: SOTI MobiControl cannot manage Activation Lock on unsupervised devices. To confirm Activation Lock is available for a macOS device, select Devices and select a device. From Device Details, check that the Activation Lock Supported value is Yes. This property is not available for iOS devices.

Activation Lock requires iOS 7+ and macOS 10.15+. See Apple's documentation on the feature for more information.

This section has the following topics:

Activation Lock Bypass

While Activation Lock is helpful in many situations, it can cause issues when transferring iOS/macOS devices between device users. To simplify device re-assignment, Apple provides a method to bypass Activation Lock using the SOTI MobiControl console.
Important: The Activation Lock bypass requires a bypass code from the device. The device generates a bypass code when:
  • Set up for its first use (new device)
  • Factory reset
  • Restored with a backup from a different device
By default, SOTI MobiControl enables Activation Lock on the first check-in of a specified iOS/macOS device or group. To do this, SOTI MobiControl:
  1. Fetches and saves the device's bypass code.
  2. Removes the code from the device to prevent reuse.
  3. Makes the code available in the Device Information panel.
  4. Records the transfer of the bypass code in the SOTI MobiControl logs.
Note: Before wiping an iOS/macOS device with Activation Lock enabled, start an Activation Lock bypass to send the code to the Apple activation server. The device bypasses the Activation Lock during the reactivation process. If you do not begin the bypass before wiping the device, you can still reactivate the device manually using the code.
Tip: Administrators can use Erase all Content and Settings (EACS) on compatible devices for a faster wiping process.
Activation Lock bypass has some limitations. iOS/macOS devices only generate the code once per 'lifetime.' If you transfer a device from another MDM or SOTI MobiControl instance, the device must be factory reset to regenerate the code. Otherwise, SOTI MobiControl cannot retrieve the Activation Lock bypass code from the device.