Managing Activation Lock allows you to lock a supervised Apple device without requiring the user to sign in to their iCloud account on the device, or allows you to ensure that you’re able to remove Activation Lock when it’s locked to a user. This allows your organization to benefit from the theft-deterrent functionality of Activation Lock.
Activation Lock on iPhone and iPad
On iOS 13 and iPadOS, if an Apple device is added to Apple School Manager or Apple Business Manager and enrolled in a mobile device management (MDM) solution, they are now supervised and Activation Lock is disallowed by default, which allows MDM to manage the feature.
Activation Lock on Mac
On Mac computers running macOS 10.15, you can’t enable Activation Lock using MDM, but you can prevent the user from enabling Find My.
Note: If Mac computers with an Apple T2 Security Chip are using User-approved MDM and are upgraded to macOS 10.15, Activation Lock is also disallowed by default. Managing Activation Lock on installations (not upgrades) of macOS 10.15 require the device to be supervised.
You can choose to enable or allow Activation Lock.
Enable Activation Lock on iPhone and iPad
Activation Lock can be enabled by an MDM solution at any time for devices in Apple School Manager or Apple Business Manager, as long as the device isn’t currently under Activation Lock by the user. When you enable Activation Lock, your organization benefits from its theft-deterrent functionality without users being able to disable it and without requiring them to enable Find My on their device. This is especially helpful for when users are using Managed Apple IDs from Apple School Manager or Apple Business Manager as Managed Apple IDs can’t use the Find My service. Once enabled, you use MDM to remove the device from Activation Lock when desired, or—on the device—you can use the user name and password of the Device Manager from Apple School Manager or Apple Business Manager who created the Device Enrollment token that links the MDM solution to Apple School Manager or Apple Business Manager.
Allow Activation Lock
You can use an MDM solution to allow Activation Lock on a supervised device. This lets your organization benefit from its theft-deterrent functionality, while still letting you bypass the feature if a user is unable to authenticate with their Apple ID for any reason, including if they’ve left the organization.
Your MDM solution can retrieve a bypass code from the device and permit the user to enable Activation Lock on the device based on the following:
If Find My is turned on when your MDM solution allows Activation Lock, Activation Lock is enabled at that time.
If Find My is turned off when your MDM solution allows Activation Lock, Activation Lock is enabled the next time the user activates Find My.