iOS 7: Mobile Device Management and Find My iPhone Activation Lock
Learn how to use Mobile Device Management (MDM) tools to manage the Activation Lock feature of Find My iPhone in iOS 7.
Activation Lock is a feature of Find My iPhone that is built in to iOS 7. It's designed to prevent reactivation of lost or stolen iOS devices by requiring the user's Apple ID and password before anyone can turn off Find My iPhone, erase the device, or reactivate and use the device.
In iOS 7.1 or later, you can use a compatible MDM solution to enable Activation Lock when a user turns on Find My iPhone. Your MDM solution can store a bypass code when Activation Lock is enabled and later use this code to clear Activation Lock automatically when you need to erase the device and deploy it to a new user. Refer to your MDM solution documentation for details.
Managing Activation Lock on unsupervised devices
MDM can't control Activation Lock on unsupervised devices. On an unsupervised device, Activation Lock will be enabled as soon as a user signs in to iCloud and turns on Find My iPhone.
If you deploy unsupervised devices, the previous user must turn off Find My iPhone before you deploy a device to a new user. Follow these steps:
- If the user has access to the iOS device, they can turn it off in Settings > iCloud > Find My iPhone.
- If the user doesn't have access to the iOS device, they can sign in to iCloud.com or the Find My iPhone app on another iOS device, then erase the device and remove it from the device list.
Using Apple Configurator with devices that have Find My iPhone enabled
Preparing a device: If you use Apple Configurator to prepare a device with Find My iPhone enabled, you'll see the message "Unable to check iOS" whether or not Activation Lock is enabled. Follow the appropriate steps:
- If Activation Lock is enabled (either the device is unsupervised, or MDM was used to allow Activation Lock on a supervised device) you must disable Activation Lock before preparing the device. Either the iCloud user who enabled Find My iPhone must disable it, or you can use the Activation Lock bypass code if MDM enabled it.
- If Activation Lock isn't enabled (the device is supervised and MDM wasn't used to allow Activation Lock) either the iCloud user who enabled Find My iPhone can disable it, or you can put the device into recovery mode and then prepare it.
Refreshing a device: If you use Apple Configurator to refresh a supervised device with Find My iPhone enabled, you'll see the message "Could not restore backup" whether or not Activation Lock is enabled. Either the iCloud user who enabled Find My iPhone can disable it before you refresh the device, or you can put the device into recovery mode and then prepare it as a new device.