Activation Lock

A security state that ties a device to a specific Apple ID, preventing erasure, reactivation, or use by unauthorized parties. MDM can bypass this for supervised devices.

What to Know

Activation Lock is Apple’s anti-theft feature that makes stolen devices unusable by requiring the original owner’s Apple ID and password to reactivate after erasure. This significantly reduces the resale value of stolen devices, deterring theft. However, for corporate-owned devices, Activation Lock can create operational challenges when employees leave with Find My enabled or when devices need to be reassigned. Managed Activation Lock allows organizations to maintain theft protection while retaining the ability to bypass locks using escrowed codes.

Without proper management, Activation Lock can strand corporate devices when former employees are unreachable or uncooperative. Organizations must balance the security benefits of Activation Lock with operational needs for device lifecycle management, making supervised enrollment and bypass code escrow critical for enterprise deployments.

Common Scenarios

Enterprise IT: When an employee leaves without disabling Find My, their corporate iPhone becomes locked with their personal Apple ID. IT uses the escrowed bypass code from MDM to clear the lock and reassign the device, avoiding lengthy Apple Support processes that require proof of purchase documentation.

MSP: Clients purchasing used or refurbished devices occasionally encounter Activation Lock from previous owners. MSPs verify that all client devices are properly enrolled in MDM with bypass codes escrowed before deployment, and they educate clients on the importance of supervised enrollment for preventing device lockouts during employee transitions.

Education: Students enable Find My on school-owned iPads despite policies prohibiting it. During summer device collection, IT encounters dozens of locked devices. With Managed Activation Lock, IT clears locks automatically without tracking down each student, ensuring devices are ready for the next school year.

In Addigy

Addigy automatically escrows Activation Lock bypass codes for supervised devices enrolled via ADE. Admins can view lock status for all devices and issue the “Clear Activation Lock” command directly from the device action menu. Addigy’s device inventory shows which devices have Activation Lock enabled, helping IT proactively address potential redeployment issues before devices are collected from users.