In last week’s post on how to disable and prevent user-based Activation Lock, I highlighted a script that I wrote that can prompt users to log out of Find My Mac if a Mac has Activation Lock enabled, which allows the MDM to put a “disallow user-based Activation Lock” key in place on the machine. (If you’d like a deep dive on Activation Lock, I’d encourage you to re-visit that blog post).
With the initial release of that script pushed out the door, I got to work on the improvements I wanted to add for the next revision. In addition to my own list, I also included some feedback and feature requests that I received from the mac admin community.
If you want to download the latest script, you can find it on GitHub. If you want a breakdown of the changes, keep reading.
Continue reading UnActivation Lock v1.5
It’s time for an adventure down the rabbit hole that is iCloud Activation Lock!
Apple’s iCloud Activation Lock feature is one of those features from Apple that is great for personal users and device security, but can be an absolute pain for admins.
I have spoken to many an admin who has a pile of MacBooks or iPads sitting in their office that are activation locked, sometimes with no method of recovery for getting back into those laptops. It’s such an issue that oftentimes perfect useable laptops have to be sold for parts because they cannot be re-used without the Activation Lock being removed from the device.
How do these devices get activation locked by users in the first place?
Keep in mind, there are two types of Activation Lock (device-based and user-based).
From Apple’s documentation:
There are two types of Activation Lock available to organizations:
Device-based: Device-based Activation Lock requires Apple School Manager, Apple Business Manager, or Apple Business Essentials and is generally simpler to manage for organizations. It enables MDM to fully control enabling and disabling of Activation Lock through server-side interactions.
User-based: User-based Activation Lock requires the user to have a personal iCloud account and for them to enable Find My. This method allows the user to lock an organization-owned device to their personal iCloud account if the MDM solution has allowed Activation Lock.
I will be focusing on user-based Activation Lock in this post (Device-based Activation Lock as of this writing, only applies to iPadOS and iOS).
I’m going to break this blog post into two sections: Steps you can take for devices that are already activation locked, and some thoughts on how to prevent Activation Lock in the first place.
Continue reading A Guide to Disabling & Preventing iCloud Activation Lock