It’s time for an adventure down the rabbit hole that is iCloud Activation Lock!
Apple’s iCloud Activation Lock feature is one of those features from Apple that is great for personal users and device security, but can be an absolute pain for admins.
I have spoken to many an admin who has a pile of MacBooks or iPads sitting in their office that are activation locked, sometimes with no method of recovery for getting back into those laptops. It’s such an issue that oftentimes perfect useable laptops have to be sold for parts because they cannot be re-used without the Activation Lock being removed from the device.
How do these devices get activation locked by users in the first place?
Keep in mind, there are two types of Activation Lock (device-based and user-based).
From Apple’s documentation:
There are two types of Activation Lock available to organizations:
Device-based: Device-based Activation Lock requires Apple School Manager, Apple Business Manager, or Apple Business Essentials and is generally simpler to manage for organizations. It enables MDM to fully control enabling and disabling of Activation Lock through server-side interactions.
User-based: User-based Activation Lock requires the user to have a personal iCloud account and for them to enable Find My. This method allows the user to lock an organization-owned device to their personal iCloud account if the MDM solution has allowed Activation Lock.
I will be focusing on user-based Activation Lock in this post (Device-based Activation Lock as of this writing, only applies to iPadOS and iOS).
I’m going to break this blog post into two sections: Steps you can take for devices that are already activation locked, and some thoughts on how to prevent Activation Lock in the first place.
Continue reading A Guide to Disabling & Preventing iCloud Activation Lock