Lock all apple devices

Activation Lock for iPhone, iPad, and iPod touch

Find My includes Activation Lock—a feature that’s designed to prevent anyone else from using your iPhone, iPad, or iPod touch, if it’s ever lost or stolen. Activation Lock turns on automatically when you turn on Find My on your device.

Activation Lock helps you keep your device secure, even if it’s in the wrong hands, and can improve your chances of recovering it. Even if you erase your device remotely, Activation Lock can continue to deter anyone from reactivating your device without your permission. All you need to do is keep Find My turned on, and remember your Apple ID and password.

With watchOS 2 and later, you can use Activation Lock to protect your Apple Watch. And with macOS Catalina or later and Mac computers that have the Apple T2 Security Chip or Apple silicon you can use Activation Lock to protect your Mac, too.

Here’s how it works

Each time an iPhone, iPad, iPod touch, Apple Watch, or Mac computer that has an Apple T2 security chip or Apple silicon is activated or recovered, the device contacts Apple to check whether Activation Lock is turned on.

Activation Lock turns on automatically when you set up Find My.* After it’s turned on, Apple securely stores your Apple ID on its activation servers and links it to your device. Your Apple ID password or device passcode is required before anyone can turn off Find My, erase your device, or reactivate and use your device.

If your device is lost or stolen

If you ever misplace your device—whether it’s lost or you think it might have been stolen—you should immediately use Mark As Lost in the Find My app.

Mark As Lost locks your screen with a passcode and lets you display a custom message with your phone number to help you get it back. You can also remotely erase your device if needed. Your custom message continues to display even after the device is erased.

While Activation Lock works in the background to make it more difficult for someone to use or sell your missing device, Lost Mode clearly shows anyone who finds your device that it still belongs to you and can’t be reactivated without your password.

If you forget your Apple ID or password

Your Apple ID is the account that you use to sign in to all Apple services. Usually, your Apple ID is your email address. If you forget it, we can help you find your Apple ID.

If you can’t find your Apple ID or reset your password, you’ll lose access to your account and might be unable to use or reactivate your device. To help prevent this, visit your Apple ID account page periodically to review and update your account information.

Check for Activation Lock before you buy a device from someone else

Before you buy an iPhone, iPad, or iPod touch, from someone other than Apple or an Apple Authorized Reseller, make sure that the device is erased and no longer linked to the previous owner’s account.

On a device with iOS or iPadOS 15 or later that is protected by Activation Lock, you see an «iPhone Locked to Owner» screen when you turn on or wake the device. Don’t take ownership of any used iPhone, iPad, or iPod touch if it’s protected by Activation Lock.

If you don’t see that screen, follow these steps to check if the device is ready to use:

1. Turn on and unlock the device.
2. If the passcode Lock Screen or the Home Screen appears, the device hasn’t been erased. Ask the seller to follow the steps below to completely erase the device. Don’t take ownership of any used iPhone, iPad, or iPod touch until it’s been erased.
3. Begin the device setup process.
4. If you’re asked for the previous owner’s Apple ID and password, the device is still linked to their account. Hand the device back to the seller and ask them to enter their password. If the previous owner isn’t present, contact them as soon as possible and ask them to use a browser to remove the device from their account. Don’t take ownership of any used iPhone, iPad, or iPod touch until it has been removed from the previous owner’s account.

A device is ready for you to use when you see the Hello screen.

Before you give away your device or send it in for service

Make sure that you turn off Find My on your device before you give it away or send it in for repair. Otherwise, your device is locked and anyone that you give the device to can’t use it normally and Apple technicians can’t perform service repairs. Just sign out of iCloud and then erase all content and settings. This completely erases your device, removes it from your Apple ID, and turns off Find My.

Источник

Activation Lock on Apple devices

When Activation Lock is enabled, it makes it difficult for someone else to use or sell an iPhone, iPod touch, iPad, Mac, or Apple Watch. Managing Activation Lock with an MDM solution lets your organization benefit from its theft-deterrent functionality while simultaneously providing you the ability to turn off Activation Lock for devices your organization owns.

There are two types of Activation Lock available to organizations:

Device-based: Device-based Activation Lock requires Apple School Manager or Apple Business Manager and is generally simpler to manage for organizations. It enables MDM to fully control enabling and disabling of Activation Lock through server-side interactions.

User-based: User-based Activation Lock requires the user to have a personal iCloud account and for them to enable Find My . This method allows the user to lock an organization-owned device to their personal iCloud account if the MDM solution has allowed Activation Lock.

Note: Some MDM solutions support both Activation Lock methods; if an attempt is made to use both, the first successful Activation Lock event takes precedence.

Device-based Activation Lock for iPhone and iPad

Enabling device-based Activation Lock means the MDM solution (not the user) contacts Apple servers directly to lock or unlock the device. Since this is done entirely server-side, there are no dependencies on user actions or the state of their device. The MDM solution creates its own escrow key, and sends it to Apple servers when it needs to enable or disable Activation Lock for the device.

Suppose that your MDM solution is unsuccessful in removing Activation Lock. Then on the Activation Lock Screen, enter the user name and password of the the account that created the device enrollment token that links the MDM solution to Apple School Manager or Apple Business Manager. This is an account with the role of Administrator, Site Manager (Apple School Manager only), or Device Enrollment Manager.

If your devices are assigned in Apple School Manager or Apple Business Manager, you should favor this method above any other.

User-based Activation Lock

In contrast with device-based Activation Lock, user-based Activation Lock lets users lock devices you own with their personal iCloud account.

In this case, MDM solutions can allow users to enable Activation Lock on an organization-owned supervised device. Because Activation Lock is disallowed by default on supervised devices, the MDM solution should fetch a bypass code created by the device and store it before allowing the user to enable Activation Lock. In case the user is unable to authenticate with their Apple ID for any reason, including if they’ve left the organization, this bypass code can be used to turn off Activation Lock remotely with MDM, or directly on the device, when the device needs to be erased and assigned to a new user.

In iOS and iPadOS, the bypass codes are available for up to 15 days after the device is first supervised, or until an MDM solution has obtained—and then cleared—the code explicitly. If an MDM solution hasn’t retrieved the bypass code within 15 days, that bypass code is unretrievable.

Mac computers require Apple silicon or the Apple T2 Security Chip to be eligible to use Activation Lock. If an eligible Mac computer is using Device Enrollment and is upgraded to macOS 10.15 or later, Activation Lock is disallowed by default and can optionally be allowed. Managing Activation Lock on installations (not upgrades) of macOS 10.15 or later require the device to be supervised. In macOS 11 or later, if a device is supervised using Device Enrollment, Activation Lock can’t be managed until the point at which the device is enrolled into MDM. That means it may be possible for Activation Lock to already be turned on when the device is enrolled in MDM and becomes supervised. In that case, it can’t be turned off using MDM and won’t be disallowed by default until it is first turned off by the user.

If you have physical possession of the device, on iOS and iPadOS, enter the MDM Activation Lock bypass code on the Activation Lock Screen in the Apple ID password field, and leave the user name field blank. On macOS, the bypass code can be entered by clicking on Recovery Assistant in the menu bar and selecting the Activate with MDM key option. Consult your MDM vendor’s documentation on where to locate the bypass code.

When MDM allows user-based Activation Lock, the following occurs:

If Find My is on when your MDM solution allows Activation Lock, Activation Lock is turned on at that time.

If Find My is off when your MDM solution allows Activation Lock, Activation Lock is turned on the next time the user turns on Find My .

Bypass codes and escrow keys

The bypass codes and escrow keys that the MDM solution use to manage Activation Lock are crucial to your ability to clear Activation Lock. These bypass codes and escrow keys should be secured and backed up regularly. If a change in MDM vendors is made, make sure that you’re provided with a copy of those bypass codes and escrow keys, or that Activation Lock is cleared for all enrolled devices.

To clear the Activation Lock on Apple devices that support dual SIMs, the MDM solution must include both IMEI (International Mobile Equipment Identity) values in the request. For MDM vendors, see Creating and Using Bypass Codes on the Apple Developer website.

If your MDM solution is unable to remove Activation Lock, contact your MDM vendor support resources or see the Apple Support article How to remove Activation Lock.

Источник

Lock and locate Apple devices

Lock devices

There are three ways you can remotely lock an Apple device:

Activation Lock: When Activation Lock is enabled, it makes it difficult for someone else to use or sell an iPhone, iPad, iPod touch , Mac or Apple Watch . Managing Activation Lock with an MDM solution lets your organisation benefit from its theft-deterrent functionality while simultaneously providing you with the ability to turn off Activation Lock for devices your organisation owns.

Lock a Mac with Apple silicon: Mobile device management (MDM) administrators can lock a Mac with a six-digit PIN and include a short message. After the command has been sent to the device, the device restarts and the user can see the message. The user can’t restart into macOS until the PIN has been entered and validated by the Mac.

Note: Locking a Mac computer with Apple silicon requires macOS 11.5 or later.

Managed Lost Mode: Managed Lost Mode for supervised iPhone, iPad or iPod touch devices locks the current user out of the device until Managed Lost Mode is turned off.

Locate lost or stolen supervised devices

MDM solutions can remotely place a supervised iPhone, iPad or iPod touch in Lost Mode (called Managed Lost Mode). When an MDM solution remotely turns on Managed Lost Mode, the current user is locked out of the device. The Lock Screen displays a message that can be customised by the MDM administrator, such as displaying a phone number to call if the device is found. Also, when a device is in Managed Lost Mode, an MDM solution can remotely query for the device’s location (even if location services are off) and, optionally, play a sound. Managed Lost Mode automatically enables Low Power Mode to help extend the device’s battery life and doesn’t require Find My to be turned on to use.

When an administrator turns off Managed Lost Mode, which is the only way the mode can be exited, the user is notified that the MDM administrator had turned on Managed Lost Mode and collected the device’s location through either a message on the Lock Screen or an alert on the Home Screen.

Источник

Lock and locate Apple devices

Lock devices

There are three ways you can remotely lock an Apple device:

Activation Lock: When Activation Lock is enabled, it makes it difficult for someone else to use or sell an iPhone, iPad, iPod touch , Mac, or Apple Watch . Managing Activation Lock with an MDM solution lets your organization benefit from its theft-deterrent functionality while simultaneously providing you the ability to turn off Activation Lock for devices your organization owns.

Lock a Mac with Apple silicon: Mobile device management (MDM) administrators can lock a Mac with a six-digit PIN and include a short message. After the command has been sent to the device, the device restarts and the user can see the message. The user can’t restart into macOS until the PIN has been entered and validated by the Mac.

Note: Locking a Mac computer with Apple silicon requires macOS 11.5 or later.

Managed Lost Mode: Managed Lost Mode for supervised iPhone, iPad, or iPod touch devices locks the current user out of the device until Managed Lost Mode is turned off.

Locate lost or stolen supervised devices

MDM solutions can remotely place a supervised iPhone, iPad, or iPod touch in Lost Mode (called Managed Lost Mode). When an MDM solution remotely turns on Managed Lost Mode, the current user is locked out of the device. The Lock Screen displays a message that can be customized by the MDM administrator, such as displaying a phone number to call if the device is found. Also, when a device is in Managed Lost Mode, an MDM solution can remotely query for the device’s location (even if location services are off) and, optionally, play a sound. Managed Lost Mode automatically enables Low Power Mode to help extend the device’s battery life and doesn’t require Find My to be turned on to use.

When an administrator turns off Managed Lost Mode, which is the only way the mode can be exited, the user is notified that the MDM administrator had turned on Managed Lost Mode and collected the device’s location through either a message on the Lock Screen or an alert on the Home Screen.

Источник

Lock and locate Apple devices

Lock devices

There are three ways you can remotely lock an Apple device:

Activation Lock: When Activation Lock is enabled, it makes it difficult for someone else to use or sell an iPhone, iPad, iPod touch , Mac, or Apple Watch . Managing Activation Lock with an MDM solution lets your organization benefit from its theft-deterrent functionality while simultaneously providing you the ability to turn off Activation Lock for devices your organization owns.

Lock a Mac with Apple silicon: Mobile device management (MDM) administrators can lock a Mac with a six-digit PIN and include a short message. After the command has been sent to the device, the device restarts and the user can see the message. The user can’t restart into macOS until the PIN has been entered and validated by the Mac.

Note: Locking a Mac computer with Apple silicon requires macOS 11.5 or later.

Managed Lost Mode: Managed Lost Mode for supervised iPhone, iPad, or iPod touch devices locks the current user out of the device until Managed Lost Mode is turned off.

Locate lost or stolen supervised devices

MDM solutions can remotely place a supervised iPhone, iPad, or iPod touch in Lost Mode (called Managed Lost Mode). When an MDM solution remotely turns on Managed Lost Mode, the current user is locked out of the device. The Lock Screen displays a message that can be customized by the MDM administrator, such as displaying a phone number to call if the device is found. Also, when a device is in Managed Lost Mode, an MDM solution can remotely query for the device’s location (even if location services are off) and, optionally, play a sound. Managed Lost Mode automatically enables Low Power Mode to help extend the device’s battery life and doesn’t require Find My to be turned on to use.

When an administrator turns off Managed Lost Mode, which is the only way the mode can be exited, the user is notified that the MDM administrator had turned on Managed Lost Mode and collected the device’s location through either a message on the Lock Screen or an alert on the Home Screen.

Источник