Category filter
How Hexnode simplifies Apple’s Activation Lock feature?
Activation Lock is a security feature that prevents unauthorized access to an Apple device. It restricts users from wiping and reactivating Apple devices without the owner’s approval. Activation Lock works in tandem with the ‘Find My’ app and syncs with iCloud and Apple ID. The feature secures both iOS and macOS devices. Upon activating this feature, the device will remain locked unless the Apple ID and password are entered into it. Activation Lock is automatically enabled when the ‘Find My’ app on the device is turned on. Even if the device is completely wiped, the Activation Lock remains intact, enforcing security against possible intruders. As much as Activation Lock proves to be essential, it can be cumbersome in corporate settings. Corporate devices may be linked with an employee’s Apple ID, and when they leave the organization, the devices may become inaccessible. In such cases, we may have to clear or bypass the Activation Lock.
The methods mentioned here work only on devices already managed by Hexnode UEM.
Enable Activation Lock
To begin with, you need to enable activation lock on your endpoints.
iOS
- iOS 7 or later.
- Supervised/DEP enrolled.
- Navigate to Policies > iOS > Advanced Restrictions > Allow Security and Privacy Settings.
- Enable ‘Activation Lock’ and associate policy with the target device.
For the restriction to take effect, you must disable and enable Find My iPhone on your device. This feature is supported on supervised iOS 7+.
Mac
- Devices running macOS Catalina or later.
- macOS devices that are equipped with the T2 chip or Apple silicon chip.
- Navigate to Policies > macOS > Advanced Restrictions > Allow Security and Privacy Settings.
- Enable Activation Lock by checking the ‘Activation Lock’ feature. For the feature to take effect on the device, first disable and then enable Find My Mac.
Ensure that 2FA is enabled on your Apple ID and leave Secure Boot on Full Security with “Disallow booting from external media” selected under External Boot.
View Activation Lock status
To view whether Activation Lock is enabled on your devices, navigate to the Manage tab and select the device of your choice. You will be redirected to the Device summary page. Look at the Device Info subtab and check out the “Activation Lock” section. This section contains two fields, one showing if the Activation Lock is enabled or disabled and another with the Activation Lock bypass code.
Clear Activation Lock
Hexnode UEM provides several ways to bypass the Activation Lock page on devices managed by Hexnode.
To Clear Activation Lock from the UEM console:
- Go to the Manage tab and select your device from the Devices list.
- Click on Actions, select Clear Activation Lock from the dropdown menu, and confirm the action.
When the Activation Lock is cleared from a device and then wiped, it will not force the user to enter the previously linked Apple ID and password to regain access to the device.
Bypass Activation Lock
The Activation Lock Bypass Code works only on DEP-enrolled devices equipped with the T2 chip or Apple silicon chip.
With the Activation Lock bypass code, Apple provides a method to bypass the Activation Lock without knowing the Apple ID attached to the device. You can get this code from the UEM console:
- Navigate to the Manage tab and select your device from the Devices list. You will be redirected to the Device Summary page.
- Click on the Device info tab to view the section, Activation Lock.
- The Activation Lock Bypass Code can be revealed by clicking on the eye icon.
You can enter this code directly on your device’s Activation Lock page.
For iOS, enter the code in the Password field and leave the Apple ID field blank. However, for specific models, you may have to enter the Password in the Apple ID field.
On macOS devices, head to the system menu at the top and click on Recovery Assistant. Choose the Activate with MDM key option from the dropdown list to redirect to the page to enter the Activation bypass code.
