Using Microsoft Endpoint Manager (Intune) to unlock Activation Lock

Activation Lock keeps your device secure even if it falls into the wrong hands, and it improves your chances of retrieving the device if you lose it. Activation Lock continues to prevent anyone from reactivating the device without your permission, even after you erase it remotely. Make sure you keep Find My on and remember your Apple ID and password.


Activation Lock is Apple's theft deterrent: it makes it hard for unauthorized persons to use or resell a lost or stolen device. Once Find My is turned on (on an iPhone or iPad), the Apple ID is stored on Apple's servers and linked to that device. Therefore, anyone who wishes to erase or reactivate the device must have either that Apple ID's password or the device passcode. Activation Lock is typically still enabled when an employee leaves the company and returns the device to the IT department. Managed Apple IDs have the Find My feature disabled by default; however, if a personal Apple ID was used on the device and Activation Lock is enabled, reactivation usually generates an error.


For organizations to benefit from the security features of Activation Lock, Microsoft Endpoint Manager (Intune) can be used to enable Activation Lock on supervised iOS/iPadOS devices (macOS support is coming). With an MDM solution like Intune, bypass codes (recovery keys) can be used to unlock the device and assign it to a new user whenever the Activation Lock needs to be cleared.


Prerequisites

  • Intune Tenant

  • Apple devices

  • iOS/iPadOS Supervised devices (e.g. enrolled via Apple's ADE/DEP)

  • The Intune platform will support macOS 10.15 (or later) on Macs with an Apple T2 Security Chip or Apple silicon (M1).

Configuration setup


  • Create and deploy a Device Configuration (Restrictions) profile in the MEM/Intune console

  • Enable the Activation Lock parameter

  • Assign the policy to the respective group



User Experience


Once the device has been wiped and connected to the network, it must first be activated.

The activation process begins with the Activation Lock screen, where the user enters the Activation Lock Bypass Code into the Password field and leaves the Apple ID field blank.




In the MEM/Intune console, select the device under Devices and open its Hardware page, where the Activation Lock Bypass code is shown; this is the code to type into the Password field on the device.

Note: Activation Lock bypass codes are valid only for 15 days from the date they are generated; after that they expire.
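The three console steps above (create the restrictions profile, enable Activation Lock, assign it to a group) and the bypass-code lookup from the Hardware page, written as an added PowerShell example against Microsoft Graph; this is not the post's own code. It assumes the Microsoft.Graph PowerShell module is installed, that the group ID and managed device ID are placeholders you replace, and that the Graph scopes listed are the ones your admin account needs.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph module.
# Scopes are an assumption: profile creation needs DeviceManagementConfiguration.ReadWrite.All;
# the second scope is assumed to cover reading the bypass code.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "DeviceManagementManagedDevices.PrivilegedOperations.All"

$graph   = "https://graph.microsoft.com/v1.0"
$GroupId = "<AAD-GROUP-OBJECT-ID>"     # placeholder: group that receives the profile

# Steps 1 and 2: iOS/iPadOS device restrictions profile that allows Activation Lock
# on supervised devices (Graph property activationLockAllowWhenSupervised).
$profile = @{
    "@odata.type"                     = "#microsoft.graph.iosGeneralDeviceConfiguration"
    displayName                       = "iOS - Enable Activation Lock (supervised)"
    description                       = "Allows Activation Lock so Intune records a bypass code"
    activationLockAllowWhenSupervised = $true
}
$created = Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/deviceManagement/deviceConfigurations" `
    -Body ($profile | ConvertTo-Json)

# Step 3: assign the new profile to the group.
$assignment = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
                       groupId       = $GroupId } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/deviceManagement/deviceConfigurations/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 5)

# Bypass code lookup (the value the console shows on the device's Hardware page).
# activationLockBypassCode is read-only and only returned when requested via $select.
# Graph does not report when the code was generated, so record the retrieval date:
# per the 15-day validity note above, the code can be valid no later than that date + 15.
function Get-ActivationLockBypassCode {
    param([Parameter(Mandatory)][string]$ManagedDeviceId)
    $uri = "$graph/deviceManagement/managedDevices/$ManagedDeviceId" +
           "?`$select=id,deviceName,isSupervised,activationLockBypassCode"
    $d = Invoke-MgGraphRequest -Method GET -Uri $uri
    $now = Get-Date
    [pscustomobject]@{
        DeviceName         = $d.deviceName
        IsSupervised       = $d.isSupervised          # bypass codes exist only for supervised devices
        BypassCode         = $d.activationLockBypassCode
        RetrievedOn        = $now
        ExpiresNoLaterThan = $now.AddDays(15)
    }
}

Get-ActivationLockBypassCode -ManagedDeviceId "<MANAGED-DEVICE-ID>"   # placeholder
```

Treat the returned code like a credential: it clears the lock on that device, so store it in your password vault rather than in a ticket or chat message.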

