How to remove MDM activation lock on MacBook, iPhone and iPad?

When Apple devices are being used in organizations for work, features like Activation Lock need to be disabled or removed to allow IT admins to re-purpose and provision the same device to another user. Read on to find out how you can disable Activation Lock on your organization's devices using Mobile Device Manager Plus.

So, what exactly is Activation Lock?

Activation lock is an in-built security feature in Apple devices that restricts activating or resetting a device without logging into the device user's iCloud account. This prevents device data from being compromised if the device falls into the wrong hands. However, when Apple devices are used in organizations by the workforce, they will have to be repurposed, reassigned, and reused when employees leave the organization. In such cases, Activation Lock needs to be bypassed or turned off, to facilitate device reassignment. Fortunately, modern mobile device management (MDM) solutions can help with activation lock removal on macOS and iOS devices.

This document explains in detail about how the activation lock can be turned off or bypassed on MacBooks, iPhones and iPads.

This document covers the following:

Apple Activation Lock

Activation Lock is a feature designed by Apple to enhance corporate data security by mandating users to enter their Apple passwords when devices such as iPhones, iPads and Macs are factory reset. This Factory Reset Protection (FRP) system is also known as iCloud Lock and is a part of the Find My iPhone app available on devices running iOS 12 or earlier versions. From iOS 13 onwards and on macOS, Activation Lock is available under the Find My app which combines both Find My iPhone and Find My Friends.The Activation Lock feature ensures that sensitive data is protected even if the device falls into the wrong hands.

Activation Lock helps safeguard the data stored on Apple devices when they are misplaced or stolen. It can be enabled on the following devices:

  • Apple iPhone
  • Apple iPad
  • Apple iPod
  • Apple Watch
  • Mac machines running macOS 10.15 or later versions
  • Mac machines which have the Apple T2 security chip

Under certain circumstances, it is necessary to bypass Activation Lock on Macbook and iPhones, despite it being a security feature. This document explains how deploying a mobile device management solution such as Mobile Device Manager Plus (MDM), can help with iPhone and Macbook Activation Lock removal during these situations without compromising device security.

How to enable Activation Lock?

To protect the devices from theft and unauthorized access, Activation Lock can easily be enabled on MacBooks or iPhones

  • Activation Lock is automatically enabled when the user turns on Find My iPhone or Find My, depending on the device and the OS version.
  • Once the Activation Lock is enabled, the user's Apple ID is securely stored on Apple’s activation servers and linked to the corresponding device.
  • For security reasons, anyone who tries to turn off the Activation Lock or reactivate the device by factory resetting it will be prompted to provide the user's Apple account credentials. Thereby, unauthorized users are prevented from turning off activation lock and accessing the data stored on these devices.

Enabling Activation Lock on iOS devices

If the device is recovered, the user will have to enter their Apple account credentials to reactivate the device.

What is the need to bypass iCloud Activation Lock?

While the Activation Lock appears to be beneficial in securing personal devices, it poses a challenge in the case of corporate devices. Many organizations provide mobile devices to their employees for work. Each corporate device is associated with an employee's account. The problem arises when the employee has enabled Find My on the device and leaves the organization, returning the device to the IT admin. When the device is reset for handing it over to another employee, there is a prompt to enter the account credentials of the previous employee. Only if the credentials are entered correctly can the device be used again. As it is impossible to bypass the Activation Lock, the device is rendered useless to the organization. This problem can be eliminated by keeping the Activation Lock turned off on corporate devices. However, this is not ideal as the devices become vulnerable to misuse if lost or stolen. There needs to be a provision to bypass the Activation Lock on MacBooks and iOS devices, during these situations without compromising device security.

How to remove or bypass Activation Lock on Apple devices?

Activation Lock can be bypassed by enrolling the device to an MDM solution. ManageEngine's Mobile Device Manager Plus (MDM), a robust mobile device management solution provides an effective way to bypass Activation Lock along with ensuring data security.

In order to disable Activation Lock using MDM, the Apple devices need to be Supervised. Supervision is an ideal way to provide IT admins additional control over corporate iOS and macOS devices.

Bypass iCloud Activation Lock on iPhones and iPads

MDM supports two methods to Supervise and bypass or remove the Activation Lock on devices like iPhones (iOS), iPads (iPadOS), and MacBooks (macOS).

Enrolling devices using any of the above mentioned methods will remove the Activation Lock and the user will not be able to enable it. 

How to bypass MacBook Activation Lock?

macOS devices are gaining popularity in organizations, which makes it crucial to disable/bypass Activation lock on MacBooks before they're handed over to employees. Mobile Device Manager Plus simplifies MacBook Activation Lock removal.

For MacBook Activation Lock bypass using MDM, the Mac device should be Supervised using Apple Business Manager or Apple School Manager, which is a program similar to ABM for educational institutions.