Activation Lock
Overview
The Apple Activation Lock feature prevents unauthorized wiping or reactivation of iOS/macOS devices by requiring the user to provide an Apple ID and password. Activation Lock turns on automatically on enrolled supervised iOS/macOS devices as part of the Find My feature set. You must turn off Find My to disable the Activation Lock.
Note: SOTI MobiControl cannot manage Activation Lock on
unsupervised devices. To confirm Activation Lock is available for a macOS
device, select Devices and select a device. From
Device Details, check that the Activation
Lock Supported value is Yes. This property is not
available for iOS devices.
Activation Lock requires iOS 7+ and macOS 10.15+. See Apple's documentation on the feature for more information.
This section has the following topics:
Activation Lock Bypass
While Activation Lock is helpful in many situations, it can cause issues when transferring
iOS/macOS devices between device users. To simplify device re-assignment, Apple
provides a method to bypass Activation Lock using the SOTI MobiControl console.
Important: The Activation Lock bypass requires a bypass code from the device. The device
generates a bypass code when:
By default, SOTI MobiControl enables Activation Lock on
the first check-in of a specified iOS/macOS device or group. To do this, SOTI MobiControl:- Set up for its first use (new device)
- Factory reset
- Restored with a backup from a different device
- Fetches and saves the device's bypass code.
- Removes the code from the device to prevent reuse.
- Makes the code available in the Device Information panel.
- Records the transfer of the bypass code in the SOTI MobiControl logs.
Note: Before wiping an iOS/macOS device with Activation Lock
enabled, start an Activation Lock bypass to send the code to the Apple activation
server. The device bypasses the Activation Lock during the reactivation process. If
you do not begin the bypass before wiping the device, you can still reactivate the
device manually using the code.
Tip: Administrators can use Erase all Content and
Settings (EACS) on compatible devices for a faster wiping
process.
Activation Lock bypass has some limitations. iOS/macOS devices
only generate the code once per 'lifetime.' If you transfer a device from another
MDM or SOTI MobiControl instance, the device must be factory reset to
regenerate the code. Otherwise, SOTI MobiControl cannot retrieve the
Activation Lock bypass code from the device.