Configure Activation Lock for Apple device deployments
Activation Lock makes it difficult for someone else to use or sell an iPhone, iPod touch, iPad, Mac, or Apple Watch. Managing Activation Lock with a mobile device management (MDM) solution lets your organization benefit from its theft-deterrent functionality while simultaneously providing you the ability to turn off Activation Lock from devices your organization owns.
Depending on the device, you can choose to enable or allow Activation Lock. Enabling Activation Lock means the MDM solution (not the user) contacts Apple servers to lock or unlock the device. In contrast, allowing Activation Lock lets users lock devices you own with their iCloud account. Some MDM solutions support both allowing Activation Lock and directly enabling it; if an attempt is made to use both, the first Activation Lock event that enables Activation Lock takes precedence.
When an MDM administrator enables Activation Lock on a Mac with Apple silicon, the device reboots into the recoveryOS, where the only options are to restart, shut down, activate, or erase the Mac. An administrator’s user name and password are required to perform these functions—not a PIN code.