Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing iOS Devices
  3. Restrictions

Category filter

How to find lost iOS devices with MDM

Jump To

Retrieving a lost or stolen iOS device is a seamless process when backed by an efficient management strategy. While standard MDM enrollment provides essential security, the most effective way to simplify and guarantee recovery is through Apple’s Automated Device Enrollment (ADE) – formerly known as the Device Enrollment Program (DEP).

1. The Role of (Apple Business Manager) in Device Recovery

The Apple Device Enrollment (ADE) significantly simplifies recovery by making the MDM profile non-removable. Even if a device is factory reset, the management profile reappears during the initial setup, allowing tracking to continue.

  • Configuration Requirement: In the ADE policy (Admin > Apple Business/School Manager > Automated Device Enrollment > Enrollment Profiles > Create Enrollment Profile), ensure the checkbox “Allow MDM profile removal” is unchecked.
  • Benefits: Enables persistent Remote Ring, Wipe, Lock, and Lost Mode, even after a reset.

2. Finding Supervised iOS Devices via Hexnode

Supervised devices offer the highest level of recovery control. Admins can execute location scans, lock the device, or enable specialized theft-deterrent features.

Location Tracking via Policy

To track a device, you must first deploy a Location Tracking policy:

  1. Navigate to Policies > New Policy > iOS > Enterprise > Tracking and Fencing > Location Tracking.
  2. Configure the frequency.
  3. Assign the policy to the target device under Policy Targets and click Save.

Executing the “Scan Device Location” Action

Once the policy is active:

  1. Go to the Manage tab and select the device.
  2. Click Actions > Scan Device Location.
  3. View results in the Location History tab.

Find lost iOS devices with Hexnode MDM using Scan Device Location

Security Actions: Lock, Wipe, Lost Mode, and Remote Ring

Go to Manage > [Select Device] > Actions to perform:

  • Lock Device: Disables further usage by locking it with the passcode.
  • Wipe Device: Erases all data and settings to prevent data leaks.
  • Enable Lost Mode: Locks the device with a custom message and contact number.
  • Remote Ring: Plays a loud sound to locate a device in the immediate vicinity.
Warning


If a device in Lost Mode is restarted, it will lose its Wi-Fi connection. Lost Mode can only be disabled via the portal if the device has an active network connection.

3. Activation Lock Management

Activation Lock prevents unauthorized users from erasing or selling a device by requiring an Apple Account for reactivation.

How to enable Activation Lock via Hexnode?

  1. Navigate to Policies > New Policy > iOS > Enterprise > Advanced Restrictions.
  2. Go to Allow Security and Privacy Settings and check Activation Lock.
  3. Save and apply the policy to the device.
    4. Note:


    After pushing the policy, manually disable and re-enable Find My iPhone on the device to trigger the lock.

4. Finding Managed (But Not Supervised) Devices

If a device is managed but not supervised, Hexnode can still execute basic security commands, provided a Location Tracking policy is in place.

5. Finding Unmanaged & Unsupervised Devices

If the device is neither managed by Hexnode nor supervised, you must rely on Apple’s native Find My iPhone ecosystem.

  1. Sign in to iCloud.com/find.
  2. Click Find iPhone, choose your specific device from the All Devices list, and select Locate your device.
  3. Required Conditions: “Find My” must be enabled, and the device must be online.
  4. Actions: Play Sound, Lost Mode, Activation Lock, or Erase Device.
Note:


For iOS 5 devices, you can execute Lock and Locate (on-demand), but persistent Tracking (background history) is not supported.

How to Disable Lost Mode (Post-Recovery)

Once the device is found, Lost Mode can be disabled via the portal or the device itself:

  • From the Hexnode Portal: Go to Manage > Select the device > Click Actions > Select Disable Lost Mode.
  • From the Device: Simply enter the device passcode on the lock screen to automatically disable Lost Mode.
  • Via Disenrollment: If an admin disenrolls a device while Lost Mode is active, the device automatically exits Lost Mode. Hexnode pushes the “Disable Lost Mode” command as part of the disenrollment process to ensure the device remains usable.

6. Frequently Asked Questions (FAQs)

  1. Can a device be tracked if it is offline?

    MDM commands like “Scan Device Location” require an active internet connection to execute. However, Apple’s Find My network can often report the last known location for a limited window after a device goes offline.

  2. Does “Wipe Device” remove the ability to track the device?

    For non-ADE devices, yes. Wiping removes the MDM profile. For ADE devices, management is re-established as soon as the device is powered on and connected to a network, allowing for continued oversight.

  3. What happens if a device is restarted while in Lost Mode?

    The device may lose its Wi-Fi connection upon restart. Since Lost Mode can only be disabled via the portal when the device is online, a complete loss of connectivity can lead to a “locked” state that requires physical restoration.

7. Troubleshooting

  1. Why do iOS Devices get stuck in Lost Mode?

    Reason:

    Devices typically get stuck due to:

    • Connectivity Loss: The device is out of range of known Wi-Fi or has no SIM card/Cellular data.
    • Post-Restart Lockout: On most iOS versions, a device requires a passcode entry after a restart to enable Wi-Fi. Since Lost Mode prevents passcode entry, the device remains offline.
    • Disabled USB Accessories: If the policy to “Allow USB accessories while locked” is disabled, the device may reject recovery hardware.

    Solution:

    1. Re-establish the Network Connection

      If the device is offline, you can force a wired internet connection:

      • Hardware Required: Lightning to USB 3 Camera Adapter and an Apple USB Ethernet adapter.
      • Action: Connect the device to a wired internet source using these adapters. Once online, execute the Disable Lost Mode action from the Hexnode console.
    2. Restore the Device using Apple Configurator
      • Connect the iOS device to the Mac via USB and launch Apple Configurator 2.
      • Select the device in the app window.
      • Go to Actions > Restore OR Control-click the device and select Restore.

      Note:


      This erases all content and removes the supervision profile from supervised devices.

    3. Erase the Device using Apple Configurator
      • Connect the device to the Mac and open Apple Configurator 2.
      • Go to Actions > Advanced > Erase All Content and Settings OR Control-click the device and navigate to Advanced > Erase All Content and Settings.
    4. Restore the Device by Turning on Recovery Mode

      Use this if the device is not recognized normally by the Mac. Open Finder (macOS Catalina or later) or iTunes (macOS Mojave or earlier).

      Steps to Enter Recovery Mode:

      • iPhone 8 or later: Hold the volume up button and release quickly. Repeat with volume down. Finally, press the side button until you see the recovery-mode screen.
      • iPhone 7 and iPhone 7 Plus: Keep holding the volume up (or Side button) and volume down button simultaneously until you see the recovery-mode screen.
      • iPads without a home button: Hold the volume up button and release quickly. Repeat with volume down. Press the top button until the device restarts. Continue holding the top button until it enters recovery mode.
      • iPad with home button, iPhone 6s or earlier: Hold the home button and top (or side button) simultaneously until you see the recovery-mode screen.

    Final Action: Once the device appears on the Mac, click Restore. This erases all data stored on the device.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Managing iOS Devices