Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing iOS Devices
  3. Restrictions

Category filter

How Hexnode simplifies Apple’s Activation Lock feature?

Jump To

Activation Lock is a critical security layer for Apple devices designed to prevent unauthorized access and theft. It functions by tethering hardware to a specific Apple Account via the Find My network.

How Activation Lock Works

  • Automatic Enablement: Triggered immediately when Find My is activated on iOS or macOS.
  • Persistent Security: The lock remains active even after a factory reset or device wipe.
  • Authentication Flow: To reactivate or use the device, the system requires the original owner’s Apple Account credentials.
  • Ecosystem Sync: Integrates seamlessly across iCloud, iOS, and macOS platforms.

The Corporate Challenge: The “Locked Device” Bottleneck

While essential for personal security, Activation Lock can create operational hurdles in enterprise environments:

  • Employee Churn: If a departing employee leaves their personal Apple Account linked to a company-issued device, that hardware becomes a “brick.”
  • Inaccessibility: IT departments lose the ability to repurpose or reassign assets without the specific password.
  • The Solution: Organizations must implement strategies to clear or bypass Activation Lock using Mobile Device Management (MDM) solutions such as Hexnode or Apple Business Manager.

1. Prerequisites for Activation Lock Management

For Hexnode to manage Activation Lock, devices must meet specific ownership and supervision criteria.

Feature iOS / iPadOS Requirements macOS Requirements
Supervision Must be Supervised Must be Supervised
OS Version iOS 7.1 or later macOS 10.15 (Catalina) or later
Enrollment ADE preferred ADE or Manual (with T2/M1+ chips)
Hardware All compatible models Apple Silicon or T2 Security Chip

2. Core Methods for Bypassing Activation Lock

Hexnode provides two primary methods to regain access to a locked device.

Method A: The “Clear Activation Lock” Command

This is the most seamless method. It sends a command to Apple’s servers to remove the lock associated with the device’s serial number.

  1. Navigate to the Manage tab in the Hexnode portal.
  2. Select the specific Device(s).
  3. Click the Actions button.
  4. Select Clear Activation Lock.
  5. Once the command is acknowledged by Apple, the device can be wiped and reactivated without requiring the previous user’s Apple Account.

Clear Activation lock remote action

Method B: The Bypass Code (Manual Entry)

If the device is not connected to the internet or the command fails, you can use a unique Bypass Code generated by Hexnode.

How to Retrieve and Use the Code?

  1. Go to Manage > Click on the Device Name.
  2. In the Device Info subtab, look for the Activation Lock section.
  3. Copy the Activation Lock Bypass Code.
  4. On the locked device (at the Activation Lock screen), leave the Apple Account field blank.
  5. Enter the Bypass Code in the Password field.
  6. Proceed with the device setup.

3. Activation Lock Configuration Workflow

Administrators can choose to allow or restrict users from enabling Activation Lock during the enrollment phase or via policies.

Applying Policy Restrictions

To prevent users from enabling Activation Lock on supervised devices:

  1. Navigate to Policies > iOS/macOS > Advanced Restrictions.
  2. Locate Activation Lock.
  3. Enable Activation Lock by checking the ‘Activation Lock’ feature. For the feature to take effect on the device, first disable and then enable Find My Mac.

On supervised iOS 7+ devices, you must toggle Find My iPhone off and then back on for the restriction to sync correctly. For macOS, ensure Two-Factor Authentication (2FA) is active on the Apple Account, while maintaining Full Security under Secure Boot and selecting “Disallow booting from external media” within the External Boot settings.

4. Feature Comparison: User-Side vs. Admin-Side

Feature User-Enabled (Personal) MDM-Enabled (Corporate)
Trigger Turning on “Find My” MDM Enrollment Profile
Removal Method User’s Apple Account & Password MDM Command or Bypass Code
Admin Control Limited (unless supervised) Full Control
Data Recovery Not guaranteed High (via device reset)

5. Critical Notes

  • Bypass Code Availability: Hexnode can only fetch the code if the device was supervised and the policy was active before the lock was triggered.
  • Internet Connectivity: The “Clear Activation Lock” command requires the device to be on the Activation Lock screen with an active Wi-Fi or cellular connection to receive the “unlock” signal from Apple.
  • Case Sensitivity: Bypass codes are case-sensitive and must be entered exactly as shown in the Hexnode portal.
  • Mac Specifics: For macOS, Activation Lock requires the “Find My” service to be enabled and the hardware to possess a T2 chip or Apple Silicon.

6. Troubleshooting

1. Activation Lock persists after “Wipe Device” action

Problem Overview: When executing a remote wipe from the Hexnode UEM portal, the Activation Lock may fail to clear automatically. The device remains stuck on the Activation Lock screen, requiring the previous user’s Apple Account credentials.

The Solution: Use Activation Lock Bypass Code

If the automated command fails, administrators can manually unlock the hardware using a unique code stored in the UEM.

  • Action: Locate the Activation Lock Bypass Code in the Hexnode portal under the specific device’s details.
  • Result: This allows IT to regain control of the hardware without the original user’s personal credentials.

2. Error “Your Apple Account or password is incorrect” during bypass

Problem Overview: This error occurs when the MDM-provided bypass code is rejected by the device or Apple’s activation servers during a manual entry attempt.

The Solution: Manual iCloud Find My Removal

When the bypass code fails, you must manually detach the hardware from the associated Apple Account via the web.

Step-by-Step Instructions:

  1. Access Find My: Navigate to icloud.com/find and sign in with the linked Apple Account.
  2. Select Device: Click All Devices and select the specific iPhone, iPad, or Mac.
  3. Remote Erase: Select Erase [Device]. This purges local data to prepare for release.
  4. Remove from Account: Click Remove from Account.
    5. Note:


    The lock remains active if you do not click “Remove from Account,” even after a wipe.

  5. Restart: Reboot the device to bypass the lock screen and begin new enrollment.

3. Device’s activation lock status not updated on the portal

The Hexnode UEM portal reports the Activation Lock status as Enabled under the Device Info tab, despite the lock being successfully cleared on the physical hardware.

The Solution: Manual Status Synchronization

To force the portal to reflect the correct status, you must toggle the “Find My” service locally on the device to trigger a fresh handshake with Apple’s servers, followed by a manual scan from the Hexnode console.

Step 1: Refresh “Find My” Settings on the Device

For iOS/iPadOS:

  1. Open Settings > [Your Name] > Find My.
  2. Tap Find My iPhone/iPad and toggle it OFF. (Enter Apple Account credentials if prompted).
  3. Wait 30 seconds, then toggle Find My iPhone/iPad back ON.

For macOS:

  1. Go to System Settings (or System Preferences) > [Your Name] > iCloud.
  2. Locate Find My Mac and toggle it OFF.
  3. Wait 30 seconds, then toggle Find My Mac back ON.

Step 2: Force a Portal Update

Once the local settings are refreshed, you must command the UEM to fetch this new data:

  1. Log in to the Hexnode UEM portal.
  2. Navigate to the Manage tab and select the specific device.
  3. Click the Actions button and select Scan Device.
  4. Once the scan completes, refresh the page. The Activation Lock status will now update to reflect the current state.

7. Frequently Asked Questions

  1. Can Hexnode remove Activation Lock on a non-supervised device?

    No. Apple requires Supervision to allow MDM servers to bypass security locks. For non-supervised devices, you must provide proof of purchase to an Apple Retail Store.

  2. Does clearing the Activation Lock wipe the device?

    No, the command only removes the lock. However, you typically use this command after a device has already been wiped and is stuck on the activation screen.

  3. What happens to the bypass code if the device is deleted from Hexnode?

    The bypass code is lost if the device record is deleted. It is recommended to record the code before removing a device from the portal.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Managing iOS Devices
Managing Mac Devices