OT: Apple IDs & Association on Company-Owned Equipment Repercussions

damienbarrett
Valued Contributor

Here's an interesting issue that we just stumbled upon this morning. I'm actually quite surprised it hasn't come up before. As Apple moves more and more services and tools under the Apple ID and iCloud umbrella, this will likely become an even more prevalent.

- In our environment, we allow our users to be Admins
- Almost every user has a personal Apple ID
- we encourage them to use their personal Apple ID, and they do. They buy software from MAS and media from iTunes.
- We've known, of course, for some time about teaching our users to de-authorize their computer from their iTunes account when it's being returned to us. Until today, we hadn't considered that each end-user will have to also disassociate their company-owned computer from their Apple ID and from connected iCloud services like "Find my Computer" and "Find my iPhone.". If they don't, this can happen:

external image link

That's a freshly-imaged machine that was being used by a 12th grader who graduated in June 2014. He clearly has associated this computer with his Apple ID, and then at some point, lost his phone. When I pulled it out of storage to re-assign it, Apple's push server dutifully sent a message to this still-associated machine.

The solution to this is going to be some user-education along with modifying our turn-in procedures. Just as we ask every user to de-authorize iTunes, we're also going to have to ask them to log into iCloud.com, and remove their company-owned computer from the list of associated devices.

Not the end of the world, but I found this interesting enough that I thought I'd share with the community.

I know which student this machine belonged to and will email him to ask him to remove this machine from his iCloud account, and hope that he complies. Who knows how many other of my former students are out there with their school-issued computers still associated with their iCloud accounts.

2 REPLIES 2

mzago
New Contributor III

MDM solutions can provide a backdoor to bypass activation locks without an AppleID on iOS devices or remove it entirely. Not sure on the Mac side, but I wouldn't be surprised if it's possible to get Apple to unlock a computer after validating ownership.

I think most are not lucky enough to still be able to contact a user after they turned in a laptop.

bthomason
New Contributor II

We have dealt with this same issue when teachers leave, and do not unlock their iPads. Apple has a unlock activation process that consists of this:

Call AppleCare, and give serial number of device.
A request will be initiated and email that will be sent to you requesting information on an unlock authorization.
You will have to provide proof of purchase, and it can take a few days. Luckily we have all our purchases through Apple, so they just look this info up with the order number we give them.

So far so good.