15.11 Activation Lock

Activation Lock is a security feature on Apple devices that runs on iOS 7 or later versions. Using this feature you can prevent the reactivation of lost or stolen devices.

Activation Lock is enabled automatically when you turn on the Find My Device feature on a device. To enable Find My Device, log into iCloud account on device.

If you sign out of the iCloud account on your device, Find My Device and Activation Lock will be disabled.

If Find My Device is enabled on a device, iCloud credentials are required to:

  • Erase the device

  • Reactivate the device

  • Turn off the Find My Device feature

In a corporate environment, if Activation Lock is enabled on a corporate-owned fully managed iOS supervised device, iCloud credentials are required to reset the device and assign it to another user. If iCloud credentials of the user are not available, then administrators can use the Activation Lock Bypass feature to bypass the Activation Lock on the device.

15.11.1 Activation Lock Bypass Code

Activation lock bypass code is a 16 digit alpha-numeric series, which can be used to bypass the activation lock on an iOS device. The bypass code lets you to bypass Activation Lock from supervised devices without the user’s iCloud credentials.

15.11.2 Enabling Activation Lock Bypass

Prior to enabling Activation Lock Bypass on an iOS device, ensure that the device is supervised and enrolled via MDM.

To enable Activation Lock Bypass:

  1. In ZENworks Control Center, click Configuration.

  2. In the Management Zone Settings panel, click Device Management, and then click iOS Device Settings.

  3. In the iOS Device Settings page, select the Enable Activation Lock Bypass checkbox, and then click Apply.

NOTE:By default, Activation Lock Bypass will be enabled on all devices in the Management Zone.

Retrieving the Activation Lock Bypass Code

When an iOS supervised device is enrolled to a zone, the Activation Lock Bypass code is automatically retrieved from the device. The retrieved bypass code is encrypted and stored in the ZENworks database.

NOTE:

  • After enrolling the device to a ZENworks zone, the activation lock bypass code is automatically deleted from the device.

  • Whenever a device is reset, a new Activation Lock Bypass code is generated. Hence, it is recommended that you reset the device before enrolling the device to a zone.

For issues related to the Activation Lock Bypass code, see Section A.0, Troubleshooting.

Disabling Activation Lock Bypass

To disable Activation Lock Bypass, uncheck the Enable Activation Lock Bypass checkbox in the iOS device Settings page.

NOTE:You can reactivate the device using the Activation Lock Bypass code only if the Activation Lock Bypass feature is enabled on the device. Hence, it is recommended that you always enable the setting in ZCC.

15.11.3 Viewing the Activation Lock Bypass Code in ZCC

After enrolling a device to a zone, perform the following steps to view the Activation Lock Bypass code:

  1. In ZENworks Control Center, click Devices.

  2. In the Devices page, click Mobile Devices, and then select the device for which you want to view the bypass code.

  3. In the Device Information page, under the Administration section, click Show, adjacent to Activation Lock Bypass Code.

    The 16 digit Activation Lock Bypass code for the selected device is displayed.

NOTE:Administrators with View Activation Lock Bypass Code rights can view the bypass code.

Exporting the Activation Lock Bypass Code

The Activation Lock Bypass codes in the zone can be exported by running the zman malbetf command. The command exports the Activation Lock Bypass codes of all supervised iOS devices in the zone to a ZIP file.

NOTE:Only super admins have rights to execute the command.

For more information, see the ZENworks Command Line Utilities Reference.

15.11.4 Activating the Device Using the Activation Lock Bypass Code

If Activation Lock is enabled on the device, iCloud credentials are required to reset the device. To reactivate the device, you should provide the iCloud credentials that was used to enable the activation lock. If iCloud credentials are not available, then the Activation Lock Bypass code can be used to reactivate the device.

To reactivate the device using the Activation Lock Bypass code:

  1. Either unenroll the device from ZCC by selecting Fully wipe the devices, resetting them to factory setting or reset the device by using Apple Configurator.

    For more information, see Section 15.15, Unenrolling a Device.

  2. When prompted for Apple ID and password, leave the Apple ID field empty and enter the 16 digit bypass code in the password field without specifying the dashes.

NOTE:You can reactivate the device using the Activation Lock Bypass code only if Activation Lock Bypass is enabled on the device.