Activation Lock is a feature of Find My iPhone that's built into devices with iOS 7 and later. It's designed to prevent reactivation of lost or stolen devices by requiring the user's Apple ID and password before anyone can turn off Find My iPhone, erase the device, or reactivate and use the device. Learn how to use Mobile Device Management (MDM) tools to manage Find My iPhone Activation Lock.
In iOS 7.1 or later, you can use a compatible MDM solution to enable Activation Lock when a user turns on Find My iPhone. Your MDM solution can store a bypass code when Activation Lock is enabled and later use this code to clear Activation Lock automatically when you need to erase the device and deploy it to a new user. Refer to your MDM solution documentation for details.
Managed Lost Mode
If Find My iPhone is turned on, the user who signed into iCloud on the device activate Lost Mode on iCloud.com. Use Lost Mode to lock a missing device, display a message on its screen, and determine its location.
With iOS 9.3 or later, you can also use MDM to place a supervised device into Managed Lost Mode. Managed Lost Mode is a dedicated mode that must be disabled by the administrator before the device can be used again. Like Find My iPhone, an administrator can send messages to the device while the device is in Managed Lost Mode. Unlike Find My iPhone, device location information can only be accessed by the MDM server when Managed Lost Mode is enabled. When enabled, the user won't be able to unlock the device until Managed Lost Mode is turned off and the user is notified if location information was accessed during that time.
Refer to your MDM solution documentation for additional details.
Manage Activation Lock on unsupervised devices
MDM can't control Activation Lock on unsupervised devices. On an unsupervised device, Activation Lock will be enabled as soon as a user signs in to iCloud and turns on Find My iPhone.
If you deploy unsupervised devices, the previous user must turn off Find My iPhone before you deploy a device to a new user. Follow these steps:
- If the user has access to the iOS device, they can turn it off in Settings > iCloud > Find My iPhone.
- If the user doesn't have access to the iOS device, they can sign in to iCloud.com or the Find My iPhone app on another iOS device, then erase the device and remove it from the device list.
Use Apple Configurator with devices that have Find My iPhone enabled
Preparing a device: If you use Apple Configurator to prepare a device with Find My iPhone enabled, you'll see the message "Unable to check iOS" whether or not Activation Lock is enabled. Follow the appropriate steps:
- If Activation Lock is enabled (either the device is unsupervised, or MDM was used to allow Activation Lock on a supervised device) you must disable Activation Lock before preparing the device. Either the iCloud user who enabled Find My iPhone must disable it, or you can use the Activation Lock bypass code if MDM enabled it.
- If Activation Lock isn't enabled (the device is supervised and MDM wasn't used to allow Activation Lock) either the iCloud user who enabled Find My iPhone can disable it, or you can put the device into recovery mode and then prepare it.
Refreshing a device: If you use Apple Configurator to refresh a supervised device with Find My iPhone enabled, you'll see the message "Could not restore backup" whether or not Activation Lock is enabled. Either the iCloud user who enabled Find My iPhone can disable it before you refresh the device, or you can put the device into recovery mode and then prepare it as a new device.