Whether you have been immersed the in the world of Apple devices and mobile device management (MDM) for a long time or you are only beginning to look into MDM, as you search for a solution to managing a fleet of Apple devices you may have come across conversations online about "Activation Lock." Chances are, not only have you heard of Activation Lock, but you have heard people talk about it in many different ways.
Apple recently announced Activation Lock abilities for new Mac devices that feature their T2 chip: meaning Activation Lock is no longer just for iOS and iPadOS devices. Let’s look at the benefits, the challenges and how to ensure your experience is positive.
What is Activation Lock?
Before we get to the heart of this, let’s briefly cover “what is Activation Lock?” If you already know, feel free to skip down, but for those that are new or have only heard a little bit about it, this is for you!
Back in iOS 7, Apple announced a new feature for iPad, iPhone and iPod - recently extended to Mac - called "Activation Lock." This feature allows a user to keep their device secure — even if it falls into the wrong hands — and may improve the chances of recovering it. Activation Lock is tied in with the Find My app and interacts with Apple’s iCloud and the Apple ID attached to the device. It will lock down your device until the user’s Apple ID and password to your Apple ID is entered, a critical part of Activation Lock.
Apple says “A device with Activation Lock on it is difficult for someone else to use or sell. With Activation Lock, the user’s Apple ID password is required before anyone can turn off Find My on the device, erase the device, or reactivate it.”* In other words, once locked down, the device becomes unusable until the Apple ID password is entered.
* Source: Activation Lock For Iphone, Ipad, and Ipod Touch. (n.d.). Retrieved from https://support.apple.com/en-us/HT201365
Now that we understand the core function of Activation Lock, let’s talk benefits and challenges. The benefits are pretty obvious but let’s boil it down to three words (well, one word typed three times for dramatic effect) security, security, security!
Since you want to empower your team with the best tools for getting the job done, it's likely you have already made a considerable investment in Apple devices — or you're planning to. It’s an exciting time, an exciting prospect and you’ll want to do whatever you can to make sure that investment is worthwhile and secure.
Activation Lock helps secure devices while improving your chance of recovering them with its ties to the Find My app. Even if you erase the device remotely, Activation Lock can continue to deter anyone from reactivating your device without the proper permissions. All you have to do is keep Find My turned on and remember your Apple ID and password. In addition, you can pair this with the functions of the Find My app to help locate the device and display a custom message on screen for anyone that does find it.
Also, because this feature is tied in with iCloud, should you erase content and settings and have the device returned, you can simply restore it from iCloud backup and be up and running again.
You may have been able to pick up on the challenge associated with this feature for a company or user. Hint: It lives in the phrase "…remember your Apple ID and password." For an unsupervised device, with the device in your hand, there are two ways to disable Activation Lock. You can turn off the Find My app in Settings > iCloud, or you can erase the device entirely with Settings > General > Reset > Erase All Content and Settings. In either case, you will be prompted to enter your iCloud password first.
What happens when a person doesn’t remember their information, an employee leaves the company, or you have to deal with a disgruntled employee? Unless you have the proper steps in place, in advance, the device becomes inaccessible. The time and money invested in the devices suddenly becomes a sunk cost and the device needs to be replaced.
In the situation discussed above, the device is not supervised and not enrolled in MDM. Using a mobile device management platform like Jamf Now offers your business an emergency plan to step in and bypass the Activation Lock – conveniently known as Activation Lock Bypass. On every device that has Activation Lock enabled, Jamf Now generates a bypass code and stores it centrally, accessible through the device information page. Only your Jamf Now account Admin has access to view that code and, as long as Activation Lock is activated through your account and not through your user, that bypass code becomes your ticket to unlocking the device.
All an Admin needs to do is use the "Prevent changes to account" restriction within Jamf Now so that a user is unable to turn on Activation Lock on their own and render the bypass code ineffective. This way, the Admin will be alerted by your team member to activate Activation Lock on your end should something happen, and you know the device will remain secure even if someone tries to wipe the device. You also avoid the challenge of trying to gain access to a device an employee locked down if no one knows the Apple ID and password credentials. Activation Lock can be a great feature for increasing your security, and Jamf Now can help expand that.
To learn more about Apple device security or get a refresher, check out Jamf Now’s Basics of Apple Device Security in Small Business E-book.
Sign up for Jamf Now – First 3 devices free!